Page 1 of 1

Strict permissions on /var/tmp/* folders created

Posted: 06 Aug 2010, 17:45
by Megra
Some temporary files are stored in /var/tmp/{simplepie-ttrss-cache,magpie-ttrss-cache} by defaults.

I would recommend giving strict permissions to those directories and give no right to the "others" group.
Thus, you'll need to make the following changes to TTR:

Replace:
./www/functions.php:637: mkdir(SIMPLEPIE_CACHE_DIR);
By:
mkdir(SIMPLEPIE_CACHE_DIR, 0750);

Replace:
./www/lib/magpierss/rss_cache.inc:34: $status = @mkdir( $this->BASE_CACHE, 0755 );
By:
$status = @mkdir( $this->BASE_CACHE, 0750 );


Another solution would be to keep temporary files under the TTR folder, locked by an HTACCESS file (deny from all). But that's the first solution described earlier seems better.

Re: Strict permissions on /var/tmp/* folders created

Posted: 04 Nov 2010, 17:32
by fox
Another solution would be to keep temporary files under the TTR folder, locked by an HTACCESS file (deny from all).


Fixed in trunk in this fashion.