[Expo-tech] FIX_PERMISSIONS script, git & bad permissions on server generally

Philip Sargent [Gmail] philip.sargent at gmail.com
Fri Dec 31 00:18:28 GMT 2021 

WHY THIS IS IMPORTANT

=====================

 

All the File upload (survex files, drawings, photos, GPS tracks) stuff
depends on correct permissions in expofiles/.

All the Cave editing & Entrance editing forms depend on correct permissions
in expoweb/.

All the "Edit this page" handbook editing depends on correct permissions in
expoweb/.

All the survex file online editing depends on correct permissions in loser/

 

Proposal: we add something into databaseReset.py to run through everything
and re-set permissions according to an agreed schema.

git does not preserve permissions. So we have to manage this ourselves.

 

FIX_PERMISSIONS

===============

 

Does this tickle your memory with anything significant ?

 

it's time to expunge this I think. It is a relic from 

_deploy/potatohut/localsettingspotatohut.py:27:FIX_PERMISSIONS = ["sudo",
"/usr/local/bin/fix_permissions"]

 

and 

FIX_PERMISSIONS =[]

is in all the current systems.

 

We have no copy of the script itself anywhere so far as I can see.

It is called whenever the Form submission for a cave or entrance fails, but
is just a hack because the permissions were not done properly elsewhere I
think.

 

EXPOWEB PERMISSIONS

===================

 

Also we *still* have mixed crap permissions on expoweb. They should all be
664 not 644.

e.g. 

intro.htm was last changed 2 years ago and is 644

sponsr.htm was last changed 2 years ago and is 664

 

 

-rw-rw-r--   1 expo www-data    552 Apr 18  2020 rope_history.html

-rw-rw-r--   1 expo www-data   2998 Apr 18  2020 qm.html

-rwxrwxr-x   1 expo www-data    804 Apr 18  2020 svxtrace.py

-rw-rw-r--   1 expo www-data   2890 Apr 18  2020 sponsr.htm

drwxrwsr-x   2 expo www-data   4096 Apr 18  2020 tinypix

-rwxrwxr-x   1 expo www-data    550 Apr 18  2020 updateweb

drwxrwsr-x   5 expo www-data   4096 Apr 18  2020 topos

-rw-rw-r--   1 expo www-data 396383 Apr 18  2020 smk000.jpg

-rw-rw-r--   1 expo www-data 403865 Apr 18  2020 geology.jpg

drwxrwsr-x   5 expo www-data   4096 Apr 19  2020 documents

-rw-r--r--   1 expo www-data   5475 Apr 22  2020 intro.htm

-rw-r--r--   1 expo www-data    744 Apr 27  2020 augstb.html

-rw-r--r--   1 expo www-data   3675 May  1  2020 gschwand.html

-rw-r--r--   1 expo www-data   3631 May  1  2020 egglgrub.html

-rw-r--r--   1 expo www-data   3761 May  1  2020 br-alm.html

-rw-r--r--   1 expo www-data   4611 May  1  2020 kratzer.html

-rw-r--r--   1 expo www-data   4179 May  1  2020 smkridge.html

-rw-r--r--   1 expo www-data   5006 May  1  2020 loser.html

 

OK, so some system-generated files could be 644, such as folk/folk.htm

but actually these are the least important to be heavily protected so it is
unnecessary.

 

Everything else needs to systematically be 644 otherwise "Edit this page"
does not work - and fails randomly if the permissions are wrong.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wookware.org/pipermail/expo-tech/attachments/20211231/23ec05d1/attachment.htm>

More information about the Expo-tech mailing list