[Bug 736764] New: owncloud package permissions root open.
https://bugzilla.novell.com/show_bug.cgi?id=736764
https://bugzilla.novell.com/show_bug.cgi?id=736764#c0
Summary: owncloud package permissions root open.
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Platform: Other
OS/Version: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: 3rd party software
AssignedTo: asemen@suse.com
ReportedBy: mrueckert@suse.com
QAContact: opensuse-communityscreening@forge.provo.novell.com
CC: wstephenson@suse.com, jnelson-suse@jamponi.net,
freitag@suse.com
Found By: ---
Blocker: ---
The app code should *never* be writable by the web server.
I would propose the following changes:
1.
Change default ownership to root:www.
Change default permissions to u+rwX,g+rX (I would recommend doing this in
%install; it is a bit of a pita in the files list).
Set the owner of the data and config dirs to wwwrun:www so the webapp can write to them,
but mark config as no verify for permissions. config can be chown-ed to
root:www after the initial DB config is done.
For the average user it might be a nice thing to provide
owncloud-secure.sh/opencloud-reconfig.sh, which handle the needed chown calls.
2.
It might be a good idea to have owncloud outside of the normal documentroot and
use an alias to make it available. A /etc/apache2/conf.d/owncloud.conf might be
a good idea for this. A nice place might be /srv/www/owncloud or
/srv/www/apps/owncloud.
3.
Additionally, you might want to disable PHP support in the data dir. This could
be done within the /etc/apache2/conf.d/owncloud.conf.
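
An added example, not part of the bug report or of the owncloud package: a shell check for the policy proposed in point 1, listing every path in the app code that the web server could still modify. The function name `audit_app_code`, the argument order, and treating `data` and `config` directly under the install root as the only writable directories are assumptions taken from the proposal.

```shell
#!/bin/sh
# Added example: audit an ownCloud tree against the proposed policy
# (app code root:www and not writable by the web server; only data/ and
# config/ may belong to the web server user).
#
# Usage (paths and names are assumptions based on the report):
#   sh audit.sh /srv/www/owncloud wwwrun www

# Print each path outside data/ and config/ that the web server could modify:
#   - owned by the web server user, or
#   - group-writable while belonging to the web server's group, or
#   - world-writable.
# Symlinks are skipped because their mode bits are always 0777.
audit_app_code() {
    root=${1%/}      # install root, trailing slash stripped for -path
    webuser=$2       # user name or numeric uid
    webgroup=$3      # group name or numeric gid
    find "$root" \
        \( -path "$root/data" -o -path "$root/config" \) -prune -o \
        \( -user "$webuser" \
           -o \( -group "$webgroup" -perm -020 \) \
           -o -perm -002 \) \
        ! -type l -print
}

# Only run the audit when called with the three arguments.
if [ "$#" -eq 3 ]; then
    audit_app_code "$1" "$2" "$3"
fi
```

An empty result means the app code matches the proposal; any printed path needs its owner or mode corrected.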