Open
Conversation
if the group user requires to make any changes to the paths modified by ```chmod -R g+rws``` it gets an operation not permitted as directories are not only writeable but executable and any modifications down them require the execute permissions, i would also propose to remove this line entirely and allow/suggest/enforce users to define their own permissions on deployment. hopefully this works, let me know if any more info is needed
we should not assume full perms to "others" is granted as this presents a security risk if anyone forgets to actually define the mode on chmod Signed-off-by: Daniel Espinoza <daniel.espinoza@stackpath.com>
sticky bit avoids the posibility of future modifications to the permissions on child directories which could be undesired and -R on chown/chmod already makes sure all the permissions are set one time only without forcing you to stick to those perms, also, directories require execute permission to be accesed Signed-off-by: Daniel Espinoza <daniel.espinoza@stackpath.com>
Signed-off-by: Daniel Espinoza <daniel.espinoza@stackpath.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
having an sticky bit seems unnecessary as it will enforce having those permissions set up and avoids deletion and mv's from groups users, since first run until root/owner comes and modifies them which is not something you always want, group should be able to modify those perms and children directories permissions too.
i would suggest to remove that line entirely but since it would block the user to make any further modifications too i think this is a better solution.
directories require execute permission to be able to
cd /dirso execute permission should also be added.also, defaulting to full perms to all linux users seems insecure, so 0770 seems like a better solution.