From e899e4edd97c296a29b2a8da2c2e3b598622c36e Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Mon, 6 Feb 2023 15:42:53 +0100 Subject: More robust application of access permissions (#5062) * More robust application of access permissions We were in particular missing directory traversal `+X` in our current recommendations. Extracted to own shell script so it can easily be invoked. Update access permissions in Docker to account to be more robust. #fix https://github.com/FreshRSS/FreshRSS/discussions/5037 * Minor simplification * Restrict mkdir permissions Default mkdir permissions are 0777, which is not good for security, so downgrade to 0770. --- docs/en/admins/07_LinuxUpdate.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs/en/admins/07_LinuxUpdate.md') diff --git a/docs/en/admins/07_LinuxUpdate.md b/docs/en/admins/07_LinuxUpdate.md index 834dfaaef..27e8ef451 100644 --- a/docs/en/admins/07_LinuxUpdate.md +++ b/docs/en/admins/07_LinuxUpdate.md @@ -64,7 +64,7 @@ If your local user doesn’t have write access to the FreshRSS folder, use a sud 6. Re-set correct permissions so that your web server can access the files ```sh - chown -R :www-data . && chmod -R g+r . && chmod -R g+w ./data/ + cli/access-permissions.sh ``` ## Using the Zip archive @@ -91,7 +91,7 @@ If your local user doesn’t have write access to the FreshRSS folder, use a sud 5. Re-set permissions ```sh - chown -R :www-data . && chmod -R g+r . && chmod -R g+w ./data/ + cli/access-permissions.sh ``` 6. Clean up the FreshRSS directory by deleting the downloaded zip and the temporary directory -- cgit v1.2.3