Description

During the HelpOnInstalling/BasicInstallation, thirteen files are installed with non-standard permissions. Eleven of these files cannot be read by normal users.

Additionally, all the files under site-packages/MoinMoin are installed with -rw-r--r-- rights, even if about 30 of them had execution rights in the source tarball. Arguably, the files in the scripts directory (and perhaps util/antispam.py and version.py, too) should keep their execution rights when they are installed.

Steps to reproduce

  1. mkdir root

  2. tar -xzf moin-1.3.0.tar.gz

  3. cd moin-1.3.0/

  4. python setup.py install --prefix=/usr --root=../root --record=../log

  5. cd ../root

  6. cd usr/share/moin  (to unclutter output below)

  7. find . -type f ! -perm 755 ! -perm 644 -ls

  8. cd ../lib

  9. find . -type f -perm 755 (nothing is found)

Example

-rw-rw---- 1 root root 5040 Dec  6 01:51 ./data/intermap.txt
-rw-rw---- 1 root root  240 Nov  1 00:58 ./data/cache/README
-rw-rw---- 1 root root  127 Nov  1 00:58 ./data/plugin/__init__.py
-rw-rw---- 1 root root  115 Nov  1 00:58 ./data/plugin/action/__init__.py
-rw-rw---- 1 root root  115 Nov  1 00:58 ./data/plugin/formatter/__init__.py
-rw-rw---- 1 root root  115 Nov  1 00:58 ./data/plugin/macro/__init__.py
-rw-rw---- 1 root root  115 Nov  1 00:58 ./data/plugin/parser/__init__.py
-rw-rw---- 1 root root  115 Nov  1 00:58 ./data/plugin/processor/__init__.py
-rw-rw---- 1 root root  115 Nov  1 00:58 ./data/plugin/theme/__init__.py
-rw-rw---- 1 root root  115 Nov  1 00:58 ./data/plugin/xmlrpc/__init__.py
-rw-rw---- 1 root root  239 Nov  1 00:58 ./data/user/README
-rwxrwxr-x 1 root root  854 Nov 10 22:01 ./server/mointwisted
-rw-rw-r-- 1 root root 2612 Nov 18 23:28 ./server/mointwisted.py

Details

MoinMoin Version

MoinMoin 1.3.0

OS and Version

Slackware Linux 10.0

Python Version

Python 2.3.4

Server Setup

(none yet)

Server Details

(none)

Workaround

  1. cd usr/share/moin

  2. chmod 644 data/intermap.txt data/cache/README data/user/README

  3. chmod 644 data/plugin/__init__.py data/plugin/*/__init__.py

  4. chmod 755 server/mointwisted

  5. chmod 644 server/mointwisted.py

Discussion

This is a minor problem, since most users set up wiki instances as root, and normal users can download the tarball in their home directory to extract the missing file.

The addition is also a minor problem, since root users can change the rights of the scripts, and normal users can copy the files and change the permissions of the copies.

Plan

CategoryMoinMoinBugFixed

MoinMoin: MoinMoinBugs/BadFilePermissions (last edited 2007-10-29 19:06:40 by localhost)