Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-53899

Permissions of files created during the plugin installation

    XMLWordPrintable

Details

    • MOODLE_30_STABLE
    • MOODLE_30_STABLE
    • MDL-53899-master-pluginperm
    • Hide
      1. Explicitly configure these default values in your config.php (so that we are sure about them):

        $CFG->directorypermissions = 02777; 
        $CFG->filepermissions = 0666;
        

      2. Set more restrictive permissions for the root directory of a given plugin type. E.g. set 750 for the admin/tool/ folder.
      3. Install a plugin of that type via the admin interface.
      4. Expected behaviour: The installled plugin's directories and files inherit the type directory permissions.
      1. Test that you can still install plugins on a windows server.
      Show
      Explicitly configure these default values in your config.php (so that we are sure about them): $CFG->directorypermissions = 02777; $CFG->filepermissions = 0666; Set more restrictive permissions for the root directory of a given plugin type. E.g. set 750 for the admin/tool/ folder. Install a plugin of that type via the admin interface. Expected behaviour: The installled plugin's directories and files inherit the type directory permissions. Test that you can still install plugins on a windows server.

    Description

      This is a regression of the plugin installer improvements in Moodle 3.0 - MDL-49329

      A bit of background first:

      When installing plugins via admin interface in Moodle 2.5, the plugin files were created under dataroot and then copied over to the dirroot. So they were created using the $CFG->directorypermissions and $CFG->filepermissions having default values 02777 and 666. This is suitable for dataroot files, but not for PHP scripts and it may lead to HTTP 500 errors.

      To fix that, Petr Škoda implemented a better behaviour for Moodle 2.6 in MDL-42110 where the plugin files inherit the permissions from the plugin root folder.

      Unfortunately I did not realize this in MDL-49329 where the implementation of the files deployment was changed. We now use file_packer::extract_to_pathname() which uses the CFG permissions again.

      As a result, in Moodle 3.0 the plugins are again created with too relaxed permissions by default, causing HTTP 500 and other troubles - e.g MDL-53688 or MDL-53895.

      I'm sorry for that.

      Attachments

        Issue Links

          Activity

            People

              mudrd8mz David Mudrák (@mudrd8mz)
              mudrd8mz David Mudrák (@mudrd8mz)
              Damyon Wiese Damyon Wiese
              David Monllaó David Monllaó
              Simey Lameze Simey Lameze
              Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Stevani Andolo
              Votes:
              2 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                9/May/16