Given the ongoing security issues that are occurring with other open source code, I’m interested to know why the code is generating unsafe directory creation - 0777 permissions?
I have plain vanilla install with no additions.
Discovered the following files with code to generate such folders …
@Stuart_Naylor … I call this garbage Think you are supposed to install and get going then it’s up to you to ensure security.
This is core code that when folders are created permissions are open to all and sundry with those permissions. From my take this is not a good look. And think this is going to offend someone … it’s sloppy coding!
@Sanook That sounds like you have installed it on a mounted Windows partition.
Nope it’s a LAMP install running Nextcloud 10.0.3 (production)
Nextcloud rocks don’t get me wrong … managing others’ spaces that get compromised and I discover this … 14 hours of unproductive work for no positive outcome is rather frustrating.
So … Any thoughts about securing things so that we aren’t creating gaping holes?
@Stuart_Naylor Nextcloud is installed and those files as listed generate directories with 0777 permissions.
Call me stupid but sorry they should not be set that way.
I don’t get it that I now need to find/replace this code to protect the site in addition.
Read the manual
Please provide me page details in the manual stating where I need to change all this every time a folder is created? Yes I’m a fool and cannot read!
Your comment however glib does not help me or others who read this thread.
As an admin I see little point in having to constantly monitor sites to ensure permissions are as they should be, when this isn’t necessary.
Already have “strong permissions” per that link … by default
My issue is I need to constantly monitor and update this.
Yes I can edit all that code
Others are not aware
How about this alert is used positively … rather than chucking mud?
I haven’t got round to checking, but I do know during updates you might have to relax security and then just run a script to make it secure.
It’s documented and I posted that but have not got round to doing what Sanook did on Linux yet.
He states there isn’t any 777 perms and all the folders you listed are on install and covered and it’s untrue that this will happen on every folder creation.
I dunno, I am sure others might comment, maybe we should wait to see?
Ok so the fool at this end is asking … why are those permissions not set securely from the get go?
Why 777 and not 755 by default?
I don’t see that as rocket science.
This isn’t personal as some are taking it.
Best fix it from the get go and not patch up later.
@Sanook I’m chasing down holes in a client server space and Nextcloud is 1 of 3 code spaces with holes.
If I don’t raise it here and Nextcloud is seen to have issues I fail.
All those files have the ability to create folders with 0777 … not a good look
Let’s fix it and ensure it doesn’t happen in next updates?
I call this fix it or fail!
After looking and haven’t locked down this install yet or done any of the maintenance scripts, that on a clean install find /var/www/ -perm 0777 returns nothing
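An added example, not part of the thread and not Nextcloud's code: a directory requested with mode 0777 ends up with those bits minus whatever the process umask clears, and an audit with `-perm -0002` finds world-writable directories that the exact match `-perm 0777` misses. The function names and temporary paths are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example. All paths are temporary and constructed for the demo.

# Create a directory the way mkdir(2) does when asked for mode 0777:
# the kernel clears every bit that is set in the process umask.
# A plain `mkdir` (no -m) requests 0777 and lets the umask trim it.
# Prints "world-writable" or "not-world-writable" for the result.
mkdir_under_umask() {
    mask=$1
    base=$(mktemp -d) || return 1
    ( umask "$mask" && mkdir "$base/data" ) || { rm -rf "$base"; return 1; }
    if [ -n "$(find "$base/data" -prune -type d -perm -0002 -print)" ]; then
        echo "world-writable"
    else
        echo "not-world-writable"
    fi
    rm -rf "$base"
}

# List every directory under $1 that any local user can write to.
# -perm -0002 tests only the world-write bit, so it also reports
# modes such as 0757 or 1777; `-perm 0777` matches exactly 0777.
world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 -print
}

# Stand-alone run: show the umask effect, then audit a path if given.
if [ "${1:-}" != "" ]; then
    echo "umask 022 -> $(mkdir_under_umask 022)"
    echo "umask 000 -> $(mkdir_under_umask 000)"
    world_writable_dirs "$1"
fi
```

Run it as `sh audit.sh /var/www` (the script name is hypothetical) to list world-writable directories under the web root.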