I have no write access to this page http://drupal.org/node/202483.

I want to correct it because is little bit insecure...

I think we should also add a link to this page http://drupal.org/node/244924

Comments

gagarine’s picture

Same for http://drupal.org/node/202491 (i put in the same issue because is the same doc section)

MGParisi’s picture

I changed it to status: Insecure. The issue is that the overall document is unclear. It seems to apply to instillation, which would make changing everything including the system directory to '777' but that's not quite right either.

Anyways, it definitely does not mention to change it BACK to 755 until WAY at the bottom of the page, and with comments it becomes very hard to find (took me 3 times of reading it to catch it). We can offer a bookmark and a link to the bottom or re-iterate that 777 may not be secure and the user should change it back to 755. Also I beleive settings.php is not 755, and it does not mention an easy way to do this all through FTP. Its really tailored to people with shell access:(

I would like to hear what others feel. Maybe we can reduce duplication and/or make this page "secure". If changing it back to 755 was common sense then wouldn't changing it to 777 be common sense?

arianek’s picture

hi - gagarine, you should be able to edit the page now (i've assigned you docs admin role, as i've seen you working on various docs issues).

you can go ahead and make the edits and then mark this issue status as "needs review" thanks!

gagarine’s picture

Status: Active » Fixed

Thanks :) I will edit those docs when I catch some time

arianek’s picture

Status: Fixed » Active

Hi gagarine -

I've changed this back to "active" until the work is done (just in case you don't have time, then someone else will be able to pick it up. If you're pretty sure you'll be working on it, you can "assign" it to yourself with the "Assigned" field, so that nobody works on it in the meantime.

Thanks!

MGParisi’s picture

The format of this document needs fixing. It uses just h3, and there is no distinction between Linux, Mac and Windows. I create three h2's, a Linux, Mac and Windows section, and then have sub headers (h3). Once we do that then we can make the "cleaning up page" section on the bottom more clear.

gagarine’s picture

Title: no write access to "Modifying Linux, Unix, and Mac" » "Modifying Linux, Unix, and Mac file permissions" give unsafe instruction

I modified the article hop is "safer"... what do you think MGParisi ? I still think we should delete the page because the starting point of the writer was "give write to everyone to fix installation issue" and it's just a list of "how to" do this....

jhodgdon’s picture

Bump. Are you two still working on these pages? When you're done, please set the status to "needs copy edit", at least on http://drupal.org/node/202483, unless you are able to also fix the copy (which is rather a mess). Also, I noticed in the first line that it is talking about sites/default/file - which should be sites/default/files I believe?

jhodgdon’s picture

Component: Other documentation issues » Correction/Clarification
Issue summary: View changes
Alienpruts’s picture

Title: "Modifying Linux, Unix, and Mac file permissions" give unsafe instruction » "Modifying Linux, Unix, and Mac file permissions" gives unsafe instruction
Status: Active » Needs work

Fixed title. Overall the document needs a good review and make-over, technically and gramatically.

Elliottba’s picture

Status: Needs work » Needs review
Issue tags: +ContributionWeekend2020

Modified some grammar, moved 2 sections of Explanation up to top.

hotwebmatter’s picture

I also edited this for grammar, clarity and emphasis.

gagarine’s picture

The issue is a decade old! Comments on the documentation are also super old.

We should just delete those kinds of pages and stop wasting time. Stackoverflow does a better job for those kinds of general questions.

In short -> almost nobody cares about those pages.

hansfn’s picture

Status: Needs review » Needs work

I agree with you, gagarine, that such general OS documentation should be removed from drupal.org. The docs get outdated and is better explained / answered else where.

However, you should create a new issue asking for removal of this page (and all similar pages). Maybe some people disagree with us ;-)

ijf8090’s picture

Novice contributor (be gentle :) )

I disagree with idea of moving this documentation to Stack Overflow. I think just kicks the issue down the road and tries to make it somebody else's problem and we will lose control of the issue.

I'm amazed that in the last 10 years nobody has come up with definitive rules for Windows/Mac/Linux environments. These rules should change rarely if at all .

I wish I had the chops to provide all the answers :( .
But on my Linux machine (Ubuntu 18.04)
$ chmod 777 sites/default/files/
resolves the error
File system
The directory sites/default/files is not writable.

Temporarily change to 664 permissions on the settings.php file seems to resolve the second install issue.

hansfn’s picture

Status: Needs work » Fixed

I'm amazed that in the last 10 years nobody has come up with definitive rules for Windows/Mac/Linux environments. These rules should change rarely if at all

And then you recommend 777 which is very insecure in certain situations - and probably the reason this issue was created 9 years ago ;-)

Anyway, my point is that teaching people how to use their operating system is not something Drupal or Wordpress should do. It's like my car's entertainment system trying to teach me how to drive. Where people find this information, Stack Overflow or the OS handbook (example for Debian) is irrelevant.

I'm not going to spend more time on this issue and certainly not on the actual page. Since the link to http://drupal.org/node/244924 is already added, I'm closing this issue. Feel free to reopen it - or just edit the page for clarity.

PS! http://drupal.org/node/244924 (which is linked to) does discuss shared hosting which is the most common problem related to security.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.