[WebDNA] was: Two file tags don't work as expected: Now: Permission Settings

This WebDNA talk-list message is from

2009


It keeps the original formatting.
numero = 102734
interpreted = N
texte = Hello, I have a bit more time today and wanted to expand on the subject of permissions (*nix platforms) that Ken broached the other day. Ken as this list (and I) have a long history and I admit I am sometimes short in my responses to him. ;-) First, I've always looked at permissions as ultimately a server admin's preference, but as someone who is in charge of trying to release a product that works as good as it can out-of-the-box, so-to-speak... I would like to get the lists opinions here. First, I will let you know how I have come to set up WebDNA over the years. I am by no means a Linux expert, so feel free to be the critic here. ;-) Since I have seemed to make a living working mostly on servers owned by others over the years, it has seemed to work best for me to do folder/file perms as: folder:775 file (non-secure):664 file (secure): 660 user/group: This allows group write ability to the files by WebDNA. WebDNA needs write access to most files to be able to function correctly. The reason I like to set up group write ability is that if FTP developers, with the group the same as apache, write over a file, WebDNA still functions correctly.. (It can still write to a file). This is perhaps assuming the roll of 'big brother' a bit as it is sort of trying to bypass the need for SSH access or the setting of permissions, which is perhaps not the best way to go about it. However, it has saved some headaches for me in the past as well as development time. Now, more regarding Ken's post. The umask for most systems is to set file permissions (when creating a dir or file) to 755 and 644... (no group write access). This is not quite in-line as to what I normally set a webdna environment to, and thus not quite in-line as to what WebDNA's default is set to now. ;-) (since I now have a say at the development office) Though we still haven't looked at the source for 'movefile'.. I am guessing (whether it has a bug or not) this tag is deferring to the system default umask settings of the server. Also, since building a sitebuilder site or Webdna Lab etc.. all use movefile... they are also defaulting the system umask settings, which, like I said, is usually set at 022 (the octal complement of the permissions I stated). So, one way for Ken to perhaps fix his issue is to set the umask to the desired octal complement: umask 002 We *could* change the system umask settings via during WebDNA install.. but I have opted not to do this so far because it is invasive in regards to affecting the entire system. Also, I am aware of different Linux distros having different options... meaning, I think some systems have the ability to set default perms based on group. Also, I am aware of the ability to set defaults per the shell that is being used. Anyway, as of now, I install webdna and then change the umask to my liking.. but there may be different opinions that I should hear.. so, if you have some strong opinions about this, I'm all ears. Donovan (p.s. yes, we will look into the movefile tag to perhaps utilize the admin permission settings when priorities permit). For now, there are lots of work-arounds regardless if this will be classified as a bug or not. -- Donovan Brooke WebDNA Software Corporation http://www.webdna.us **[Square Bracket Utopia]** Associated Messages, from the most recent to the oldest:

    
  1. [WebDNA] was: Two file tags don't work as expected: Now: Permission Settings (Donovan Brooke 2009)
Hello, I have a bit more time today and wanted to expand on the subject of permissions (*nix platforms) that Ken broached the other day. Ken as this list (and I) have a long history and I admit I am sometimes short in my responses to him. ;-) First, I've always looked at permissions as ultimately a server admin's preference, but as someone who is in charge of trying to release a product that works as good as it can out-of-the-box, so-to-speak... I would like to get the lists opinions here. First, I will let you know how I have come to set up WebDNA over the years. I am by no means a Linux expert, so feel free to be the critic here. ;-) Since I have seemed to make a living working mostly on servers owned by others over the years, it has seemed to work best for me to do folder/file perms as: folder:775 file (non-secure):664 file (secure): 660 user/group: This allows group write ability to the files by WebDNA. WebDNA needs write access to most files to be able to function correctly. The reason I like to set up group write ability is that if FTP developers, with the group the same as apache, write over a file, WebDNA still functions correctly.. (It can still write to a file). This is perhaps assuming the roll of 'big brother' a bit as it is sort of trying to bypass the need for SSH access or the setting of permissions, which is perhaps not the best way to go about it. However, it has saved some headaches for me in the past as well as development time. Now, more regarding Ken's post. The umask for most systems is to set file permissions (when creating a dir or file) to 755 and 644... (no group write access). This is not quite in-line as to what I normally set a webdna environment to, and thus not quite in-line as to what WebDNA's default is set to now. ;-) (since I now have a say at the development office) Though we still haven't looked at the source for 'movefile'.. I am guessing (whether it has a bug or not) this tag is deferring to the system default umask settings of the server. Also, since building a sitebuilder site or Webdna Lab etc.. all use movefile... they are also defaulting the system umask settings, which, like I said, is usually set at 022 (the octal complement of the permissions I stated). So, one way for Ken to perhaps fix his issue is to set the umask to the desired octal complement: umask 002 We *could* change the system umask settings via during WebDNA install.. but I have opted not to do this so far because it is invasive in regards to affecting the entire system. Also, I am aware of different Linux distros having different options... meaning, I think some systems have the ability to set default perms based on group. Also, I am aware of the ability to set defaults per the shell that is being used. Anyway, as of now, I install webdna and then change the umask to my liking.. but there may be different opinions that I should hear.. so, if you have some strong opinions about this, I'm all ears. Donovan (p.s. yes, we will look into the movefile tag to perhaps utilize the admin permission settings when priorities permit). For now, there are lots of work-arounds regardless if this will be classified as a bug or not. -- Donovan Brooke WebDNA Software Corporation http://www.webdna.us **[Square Bracket Utopia]** Donovan Brooke

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Error reading data -1 (1997) Correct SQL WebDNA Syntax (2005) taxTotal (1997) Replace context problem ... (1997) help with autenticate (1998) Kaaaaahhhhhhhnnnnnnn! (1997) WebCat cannot handle compatible search parameters? (1997) WebCatalog for guestbook ? (1997) Text data with spaces in them... (1997) Maybe off topic but how to charge (1997) RE: IIS 4 (1998) Pithy questions on webcommerce & siteedit (1997) Grouping fields help (2004) New Guestbook Source (1997) RE: Generating Pages (1999) SPAM is SPAM is SPAM.... Smith Micro - no competition (2000) [WebDNA] [hideif]'s not working in [sendmail] (2008) trouble updating records in database (1998) WebCatalog can't find database (1997) Security Issues and WebCommerce Solution (1997)