Fog Creek Software
Discussion Board




Knowledge Base
Documentation
Terry's Tips
Darren's Tips

file permissions and CityDesk

Joel posted in May 31, 2003:

"CityDesk doesn't set permissions.

But... if you are uploading to a Unix/Linux server, and the folder you're putting things has the right permissions, those permissions will inherit to new things put in the folder."

...however, I this does not work for me.  I just created a test article and published it into a folder with preset permissions, and here are the permissions of each:

folder: 745
file inside folder: 644

I tried this again in another folder with 745 permissions and the file still uploads as 644.

My server is Linux/Unix (Apache version 1.3.29)

I'm wondering if this works for others (which I assume it does) and what might be the problem for me?

...

Slightly off topic, but assuming I cannot solve the above problem, a solution would be to create a cronjob that sets all the files and folders to 745 every day.  (Is there a better solution?)

www.MatthewDoucette.com
Tuesday, July 27, 2004

This is because of something called a umask on Unix.  Your user account on the webserver has it set so when you create new files, they have a specific permission.  If you want that changed, you need to reset your umask to something else (which is fairly technical).


See http://www.mkssoftware.com/docs/man1/umask.1.asp for a deeper explanation.

Michael H. Pryor
Fog Creek Software
Tuesday, July 27, 2004

What problem are you having???

There's a Unix permissions good tutorial at http://www.analysisandsolutions.com/code/chmod.htm. 

644 is pretty common for contents files.  Your user can read and write files, users in the same group can only read files, and others can only read files (Not that for security purposes, no one can execute these files). 

This setting should be correct unless you are storing CGI scripts in CityDesk, in which case the user account used by the web server needs to have execute privledge.

To change the default umask for your user, you need to 1) know what Unix shell is the default shell for your user account, 2) know what the startup file for that shell is, and 3) put a umask ### (like umask 022) command in your shell startup file for that user account. 

You may have to have your ISP do this for you.

David Burch
Tuesday, July 27, 2004

BTW: Look for an existing umask statement in the .login or .cshrc file in your user's home directory. 

David Burch
Tuesday, July 27, 2004

Doesn't FTP prevent you from uploading files and making them executable, regardless of your umask? It does this as a security measure, just in case somebody uploaded a malicious file called 'ls' or something that a user could accidentally run.

Darren Collins
Tuesday, July 27, 2004

What I want to do is have all my files parse for server side includes (SSIs) so that I can execute simple CGI scripts (such as a counter) that I write myself.

According to Joel, if I set the directory to 745, any file being uploaded will inherit those permissions.  Thanks for the suggestions so far, I will check them out when I get back to my work computer.

To further explain... Darren notice that 745 has the "x-bit" set, or the "executable bit".  I need it set because I enable SSIs using the "xbithack" method, which basically means that any file with the x-bit enable, while xbithack is enable, will be parsed by the server for SSIs.  If Darren is right, and FTP cannot upload a file with the x-bit enabled, then Joel's suggestion does not work for me.

An alternate solution could be CityDesk uploading the files with .shtml extensions to enable SSI parsing.

www.MatthewDoucette.com
Tuesday, July 27, 2004

It may be that different FTP applications handle the executable security issue differently. I'm not sure - your best bet is to simply try different stuff and see what happens.

Darren Collins
Tuesday, July 27, 2004

In my experience, files never inherit the permissions of the parent folder, they have always been lesser permissions.  Perhaps because of the umask.

David Burch
Wednesday, July 28, 2004

I you have shell access, telnet or ssh to the server, cd to the folder and "touch a file" (touch testfile.html).  Then do an ls -l testfile.html and see if the results match what you are seeing with FTP.  If so, FTP has nothing to do with it.

David Burch
Wednesday, July 28, 2004

David, it took a while, but I have no shell access :(

Matthew Doucette
___________________________
http://www.sawtoothdistortion.com/

Matthew Doucette
Thursday, August 05, 2004

*  Recent Topics

*  Fog Creek Home