[TYPO3-dev] createGroup / chgrp question

Henjo Hoeksma me at henjohoeksma.nl
Wed Jan 26 02:16:25 CET 2011


On 2011-01-26 00:47:53 +0100, Ries van Twisk said:

>> 
>> 
>> On 26.01.11 00:13, Henjo Hoeksma wrote:
>>> Hi devs,
>>> 
>>> just trying to understand some basic ownership issues:
>>> 
>>> I found that the basicFilefunctions class tries to set the group of a
>>> file/directory based on the settings in the install tool
>>> ([BE][createGroup]) with chgrp() function of php.
>>> In order to have this work apache should be a superuser on a system.
>>> That wouldn't make much sense when thinking about security...
>> 
>> I never used this setting, it could make sense, if the web server user 
>> is in several groups (but the primary group is e.g. not the group which 
>> the ftp users share with it).
>> 
>> That's what the PHP docu states:
>> 
>>> Only the superuser may change the group of a file arbitrarily; other 
>>> users may change the group of a file to any group of which that user is 
>>> a member.
>> 
>> Thus being member of both groups would allow to execute a chgrp().
>> 
> 
> Henjo,
> 
> I can confirm that it works in this setup. You need to
> make sure that the webserver is also member in the group
> you want to change the group to.
> 
> Ries

Hi Steffen, Ries,

thanks for the insights. What would this mean for security issues 
though, that the apache user will be in all (user)groups on a shared 
environment?
That would not be very safe - or am I misinterpreting what is actually 
going on?

*my brain seems to let go of me...*

Thanks,

Henjo





More information about the TYPO3-dev mailing list