Post by iplocker » Sun Oct 18, 2020 7:34 pm

Hello.
I have a weird issue, when I am creating a folder with image manager of Opencart always it has 777 permissions
Any idea why ?
Thanks

Active Member

Posts

Joined
Sun May 26, 2013 6:39 pm


Post by straightlight » Sun Oct 18, 2020 7:47 pm

chown may have been used to enforce CHMOD permissions to be set to 0777 recursively when creating folders on your domain which is highly unrecommended due to security issues this may cause.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by OSWorX » Sun Oct 18, 2020 8:01 pm

straightlight wrote:
Sun Oct 18, 2020 7:47 pm
chown may have been used to enforce CHMOD permissions to be set to 0777 recursively when creating folders on your domain which is highly unrecommended due to security issues this may cause.
Would you please take a look into the code (here from 3.0.3.6)!?
filemanager.php (334 & 335):

Code: Select all

mkdir($directory . '/' . $folder, 0777);
chmod($directory . '/' . $folder, 0777);
thx!

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by iplocker » Sun Oct 18, 2020 8:07 pm

Hello.
I dont have any chown running on my site.
I have check admin/controller/common/filemanager.php and I see your code you re saying: http://prntscr.com/v1ndn1
I have made a clean installation of OC 3.0.3.6 in a subfolder and still getting 777 at the folder http://prntscr.com/v1o47v .
Thanks
Last edited by iplocker on Sun Oct 18, 2020 11:03 pm, edited 1 time in total.

Active Member

Posts

Joined
Sun May 26, 2013 6:39 pm


Post by straightlight » Sun Oct 18, 2020 9:58 pm

OSWorX wrote:
Sun Oct 18, 2020 8:01 pm
straightlight wrote:
Sun Oct 18, 2020 7:47 pm
chown may have been used to enforce CHMOD permissions to be set to 0777 recursively when creating folders on your domain which is highly unrecommended due to security issues this may cause.
Would you please take a look into the code (here from 3.0.3.6)!?
filemanager.php (334 & 335):

Code: Select all

mkdir($directory . '/' . $folder, 0777);
chmod($directory . '/' . $folder, 0777);
thx!
Still in master branch ... never noticed that was there. If everybody OC supporter suggests to use a maximum of 0755 on folders, then this should also be changed ...

Suggestion now made: https://github.com/opencart/opencart/pull/8781 .

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by OSWorX » Sun Oct 18, 2020 11:25 pm

straightlight wrote:
Sun Oct 18, 2020 9:58 pm
... never noticed that was there ...
0777 since the filemanager.php exists!

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by straightlight » Sun Oct 18, 2020 11:34 pm

OSWorX wrote:
Sun Oct 18, 2020 11:25 pm
straightlight wrote:
Sun Oct 18, 2020 9:58 pm
... never noticed that was there ...
0777 since the filemanager.php exists!
Yes, I was referring to the 0777 permission setting itself, not the file manager.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by OSWorX » Mon Oct 19, 2020 2:26 pm

straightlight wrote:
Sun Oct 18, 2020 11:34 pm
Yes, I was referring to the 0777 permission setting itself, not the file manager.
Me too!
It is 0777 since this file was introduced .. and this is many years ago ..

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by EvolveWebHosting » Mon Oct 19, 2020 9:17 pm

OSWorX wrote:
Mon Oct 19, 2020 2:26 pm
straightlight wrote:
Sun Oct 18, 2020 11:34 pm
Yes, I was referring to the 0777 permission setting itself, not the file manager.
Me too!
It is 0777 since this file was introduced .. and this is many years ago ..
I have noticed this too. Can the file be updated to reference the server setting instead?

2 Week FREE Trial of our Shared Hosting plans (DIrectAdmin or cPanel) for new customers
2 Week FREE Trial of Astra Firewall and Malware Scanner
Visit our website for full details and to start your trial today - www.evolvewebhost.com


User avatar
Active Member

Posts

Joined
Fri Mar 27, 2015 11:13 pm
Location - Denver, Colorado, USA

Post by straightlight » Mon Oct 19, 2020 9:27 pm

EvolveWebHosting wrote:
Mon Oct 19, 2020 9:17 pm
OSWorX wrote:
Mon Oct 19, 2020 2:26 pm
straightlight wrote:
Sun Oct 18, 2020 11:34 pm
Yes, I was referring to the 0777 permission setting itself, not the file manager.
Me too!
It is 0777 since this file was introduced .. and this is many years ago ..
I have noticed this too. Can the file be updated to reference the server setting instead?
Lowering the permission level to 0755 would be a simpler task as it is the recommended settings for folders on anyhow.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by OSWorX » Mon Oct 19, 2020 10:00 pm

straightlight wrote:
Mon Oct 19, 2020 9:27 pm
Lowering the permission level to 0755 would be a simpler task as it is the recommended settings for folders on anyhow.
0755 is quite a good setting - and recommended.
But (sorry, as always), it raise another problem, becuase some providers have their servers set to another mask.
I have see nearly everything from 650 to 750 and other figures.

Maybe a check with umask or/and a combination umask with chmod would be useful to use then the correct setting.

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by EvolveWebHosting » Tue Oct 20, 2020 11:36 pm

straightlight wrote:
Mon Oct 19, 2020 9:27 pm
EvolveWebHosting wrote:
Mon Oct 19, 2020 9:17 pm
OSWorX wrote:
Mon Oct 19, 2020 2:26 pm


Me too!
It is 0777 since this file was introduced .. and this is many years ago ..
I have noticed this too. Can the file be updated to reference the server setting instead?
Lowering the permission level to 0755 would be a simpler task as it is the recommended settings for folders on anyhow.
For most servers, yes. Hopefully the change is made to main downloads.

2 Week FREE Trial of our Shared Hosting plans (DIrectAdmin or cPanel) for new customers
2 Week FREE Trial of Astra Firewall and Malware Scanner
Visit our website for full details and to start your trial today - www.evolvewebhost.com


User avatar
Active Member

Posts

Joined
Fri Mar 27, 2015 11:13 pm
Location - Denver, Colorado, USA

Post by haydent » Tue Dec 06, 2022 6:02 am

bit of a joke really, as 777 permissions have been frowned apon since days of zen cart

User avatar
Active Member

Posts

Joined
Wed Nov 09, 2011 9:50 am
Location - Sydney, Australia
Who is online

Users browsing this forum: DesignCart, sidclel and 91 guests