[TYPO3-dev] createGroup / chgrp question

Christopher Torgalson bedlamhotel at gmail.com
Wed Jan 26 02:38:48 CET 2011


Hello,

On Tue, Jan 25, 2011 at 5:16 PM, Henjo Hoeksma <me at henjohoeksma.nl> wrote:
> On 2011-01-26 00:47:53 +0100, Ries van Twisk said:
>
>>>
>>>
>>> On 26.01.11 00:13, Henjo Hoeksma wrote:
>>>>
>>>> Hi devs,
>>>>
>>>> just trying to understand some basic ownership issues:
>>>>
>>>> I found that the basicFilefunctions class tries to set the group of a
>>>> file/directory based on the settings in the install tool
>>>> ([BE][createGroup]) with chgrp() function of php.
>>>> In order to have this work apache should be a superuser on a system.
>>>> That wouldn't make much sense when thinking about security...
>>>
>>> I never used this setting, it could make sense, if the web server user is
>>> in several groups (but the primary group is e.g. not the group which the ftp
>>> users share with it).
>>>
>>> That's what the PHP docu states:
>>>
>>>> Only the superuser may change the group of a file arbitrarily; other
>>>> users may change the group of a file to any group of which that user is a
>>>> member.
>>>
>>> Thus being member of both groups would allow to execute a chgrp().
>>>
>>
>> Henjo,
>>
>> I can confirm that it works in this setup. You need to
>> make sure that the webserver is also member in the group
>> you want to change the group to.
>>
>> Ries
>
> Hi Steffen, Ries,
>
> thanks for the insights. What would this mean for security issues though,
> that the apache user will be in all (user)groups on a shared environment?
> That would not be very safe - or am I misinterpreting what is actually going
> on?


While there may be such environments, I've never encountered a shared
hosting environment where this would be possible. A common setup
(absent suexec where PHP runs as the Apache user) has PHP run as
nobody:nobody which means that files and directories that should be
writeable by PHP/TYPO3 must belong to the group 'nobody'.

That enables PHP to write new files (which will be nobody:nobody), but
does make those files impossible for the account user to delete or
overwrite using FTP. In this circumstance, neither the account owner
nor PHP can chgrp files they own to the other's group. In practice,
this has seldom been a problem for any sites I've built or maintained
(indeed, I'm not sure I've ever encountered a good use case for
managing files with *both* TYPO3 and FTP).

-- 
Christopher Torgalson
http://www.typo3apprentice.com/
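A preflight check for the setting discussed above, added here as an example and not TYPO3's own t3lib code: it applies the POSIX rule quoted in the thread (root may set any group, other users only a group they belong to) before calling chgrp(), so a misconfigured [BE][createGroup] fails loudly instead of silently, and it flags the two configurations the thread worries about (PHP running as root, or the web server user holding many groups). It assumes the PHP posix extension is loaded; createGroupIsUsable() and safeChgrp() are hypothetical names.

```php
<?php
// Added example (not TYPO3 code). Reports whether the PHP process can
// honour a [BE][createGroup] value, and why not when it cannot.
function createGroupIsUsable(string $group): array
{
    $info = posix_getgrnam($group);
    if ($info === false) {
        return [false, "group '$group' does not exist on this system"];
    }
    $gid = (int) $info['gid'];

    // Superuser: chgrp() to any group works, but PHP should never run as root.
    if (posix_geteuid() === 0) {
        return [true, "PHP runs as root: chgrp() is unrestricted (fix this first)"];
    }

    // Membership = supplementary groups of the process + effective primary group.
    $memberOf = posix_getgroups() ?: [];
    $memberOf[] = posix_getegid();
    $memberOf = array_unique(array_map('intval', $memberOf));

    $user = posix_getpwuid(posix_geteuid())['name'] ?? 'unknown';
    if (!in_array($gid, $memberOf, true)) {
        return [false, sprintf("user '%s' is not a member of '%s' (gid %d); chgrp() would fail",
            $user, $group, $gid)];
    }

    // Least privilege: a web server user in many groups (e.g. one per hosted
    // account) can chgrp files into any of them, which is the concern raised above.
    $note = count($memberOf) > 3 ? sprintf(" (note: '%s' holds %d groups)", $user, count($memberOf)) : '';
    return [true, sprintf("chgrp() to '%s' allowed%s", $group, $note)];
}

// Wrapper that only calls chgrp() when the check passes; the caller must also
// own the file, otherwise chgrp() fails regardless of group membership.
function safeChgrp(string $path, string $group): bool
{
    [$ok, $why] = createGroupIsUsable($group);
    if (!$ok) {
        error_log("createGroup check failed: $why");
        return false;
    }
    return @chgrp($path, $group);
}

// Usage: php this_script.php <group>   (hypothetical invocation)
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    [$ok, $why] = createGroupIsUsable($argv[1]);
    echo ($ok ? 'OK: ' : 'FAIL: ') . $why . PHP_EOL;
}
```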
