On 10/23/11 13:21, wen heping wrote:
> 2011/10/23 Nigel Taylor <njtay...@asterisk.demon.co.uk>:
>> Hi,
>>
>> The issue was chmod a+w included o+w so using chmod o+w is no
>
> Sorry , here I mean u+w but made a typo to o+w.
>
> Now I attached revised diff file.
The u+w is fine.
>
>
>> improvement. You might find if the owner:group was changed on the
>> directory config, as apache runs under www:www to:
>>
>> www:www, that drwxr-xr-x (u+w)
>>
>> or
>>
>> root:www then drwxrwxr-x (ug+w)
>>
>> this might solve part of the issue.
>
>
> Personly I agree we should set these PHP applications's owner to
> www:www and then set their mode to 0644. But I found many PHP
> applications in portstree sets their owner to ${SHAREOWN}:${SHAREGRP},
> I am not sure whether or not to change mediawiki too.
root:bin is fine for the PHP applications root:daemon might be more
consistent with the /var/www owner group. Only if the PHP application
needs to store / modify data when called via http(s) should it have
www:www as the owner group, for the containing directory holding that
information.
Nigel
>
>
> wen
>
>
>
>
>>
>> However the file index.php is located in the wrong directory in the
>> first place, and if index.php is changed this breaks the package updating.
>>
>> Nigel
>>
>> On 10/22/11 13:25, wen heping wrote:
>>> How about this one ?
>>>
>>> wen
>>>
>>> 2011/10/19 Nigel Taylor <njtay...@asterisk.demon.co.uk>:
>>>> On 10/19/11 14:05, wen heping wrote:
>>>>> Hi,
>>>>>
>>>>> Here is an update of www/mediawiki to 1.7.0.
>>>>>
>>>>> Tested on Loongson and no regress.
>>>>>
>>>>> Comments? OK ?
>>>>>
>>>>>
>>>>> wen
>>>> Hi,
>>>>
>>>> That's update to 1.17.0..
>>>>
>>>> In the PLIST
>>>>
>>>> +mediawiki/cache/.htaccess
>>>> @mode a+w
>>>> mediawiki/config/
>>>> +@mode
>>>> +mediawiki/config/OBSOLETE
>>>> +@mode a+w
>>>> mediawiki/config/index.php
>>>> @mode
>>>> mediawiki/config/index.php5
>>>>
>>>> All users write access to mediawiki/config directory that's almost
>>>> always wrong, only /tmp or /var/tmp have this but also have sticky bit
>>>> set. A directory named config if truly for configurations as implied by
>>>> the name it's most definitely wrong.
>>>>
>>>> Then mediawiki/config/index.php, executable code with all users write
>>>> access, that's wrong. index.php shouldn't be modified as supplied by the
>>>> package and sha checksummed, pkg_add will complain if modified on
>>>> updates. You don't place any executable code in a rw directory.
>>>>
>>>> Not used this software. Looks like this has been wrong from the start.
>>>> Could possibly be an upstream.
>>>>
>>>> It's no worse than it was before, but I can't say it's Ok.
>>>>
>>>> Nigel
>>>>
>>
>>
