[MDL-53899] Permissions of files created during the plugin installation - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.0, 3.0.3
Fix Version/s: 3.0.4
Component/s: Administration
Labels:
- ci
- regression
- release_notes
- triaged

Affected Branches:
MOODLE_30_STABLE
Fixed Branches:
MOODLE_30_STABLE
Pull from Repository:
git://github.com/mudrd8mz/moodle.git
Pull Master Branch:
~~MDL-53899~~-master-pluginperm
Pull Master Diff URL:
https://github.com/mudrd8mz/moodle/compare/4f33514...MDL-53899-master-pluginperm
Testing Instructions:
Hide

Explicitly configure these default values in your config.php (so that we are sure about them):

$CFG->directorypermissions = 02777;

$CFG->filepermissions = 0666;

Set more restrictive permissions for the root directory of a given plugin type. E.g. set 750 for the admin/tool/ folder.

Install a plugin of that type via the admin interface.

Expected behaviour: The installled plugin's directories and files inherit the type directory permissions.

Test that you can still install plugins on a windows server.
Show
Explicitly configure these default values in your config.php (so that we are sure about them): $CFG->directorypermissions = 02777; $CFG->filepermissions = 0666; Set more restrictive permissions for the root directory of a given plugin type. E.g. set 750 for the admin/tool/ folder. Install a plugin of that type via the admin interface. Expected behaviour: The installled plugin's directories and files inherit the type directory permissions. Test that you can still install plugins on a windows server.

Description

This is a regression of the plugin installer improvements in Moodle 3.0 - ~~MDL-49329~~

A bit of background first:

When installing plugins via admin interface in Moodle 2.5, the plugin files were created under dataroot and then copied over to the dirroot. So they were created using the $CFG->directorypermissions and $CFG->filepermissions having default values 02777 and 666. This is suitable for dataroot files, but not for PHP scripts and it may lead to HTTP 500 errors.

To fix that, Petr Škoda implemented a better behaviour for Moodle 2.6 in ~~MDL-42110~~ where the plugin files inherit the permissions from the plugin root folder.

Unfortunately I did not realize this in ~~MDL-49329~~ where the implementation of the files deployment was changed. We now use file_packer::extract_to_pathname() which uses the CFG permissions again.

As a result, in Moodle 3.0 the plugins are again created with too relaxed permissions by default, causing HTTP 500 and other troubles - e.g ~~MDL-53688~~ or MDL-53895.

I'm sorry for that.

Attachments

Issue Links

has a non-specific relationship to

MDL-42110 Installing add-ons causes 500 internal server error.

Closed

MDL-29016 Support changing of $CFG->directorypermissions in moodle installers modified by distributions

Closed

is a regression caused by

MDL-49329 Multiple improvements in the plugins installation/update system

Closed

will help resolve

MDL-53688 Trouble with file permissions set by plugin installer

Closed

Activity

People

Assignee:: David Mudrák (@mudrd8mz)

Reporter:: David Mudrák (@mudrd8mz)

Peer reviewer:: Damyon Wiese

Integrator:: David Monllaó

Tester:: Simey Lameze

Participants:: CiBoT, Damyon Wiese, Dan Poltawski, David Monllaó, David Mudrák (@mudrd8mz), Jean FRUITET, Marina Glancy, Simey Lameze

Component watchers:: David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo

Votes:: 2 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 22/Apr/16 2:41 AM

Updated:: 29/Jun/16 3:36 AM

Resolved:: 04/May/16 2:24 PM

Fix Release Date:: 9/May/16