[ http://jira.codehaus.org/browse/MSITE-141?page=comments#action_65649 ]
Martin Vysny commented on MSITE-141: ------------------------------------ Well, that may be required when the group is set correctly. However on my provider's web server new files are created simply with group "users". And I certainly don't want to allow all users to rewrite my files. So, it should be optional whether to use this chmod command or not. > Possible security hole when deploying site > ------------------------------------------ > > Key: MSITE-141 > URL: http://jira.codehaus.org/browse/MSITE-141 > Project: Maven 2.x Site Plugin > Type: Bug > Versions: 2.0-beta-5 > Environment: Linux gentoo 2.6.16 64bit, maven 2.0.2 > Reporter: Martin Vysny > Priority: Critical > > > When the site is deployed into a directory /foo/bar, the following command is > issued over a ssh: > chmod -Rf g+w /foo/bar/ > it was intended to use g+r I presume? :-) -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
