You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To allow the user that has installed ghost to edit files within the /content folder it is necessary to add the currently active user to the ghost group. This behaviour was removed in #296 because the user needs to log out and in again to activate the new group.
Ghost folder & file permissions #294 is important so that we are not accidentially give execution permissions to an uploaded file. This could lead to an exploit being uploaded via the file upload and executed via a vulnerability in another service running on the same machine.
add a warning that the user needs to log out/in to acquire group permissions
The text was updated successfully, but these errors were encountered:
To allow the user that has installed ghost to edit files within the
/content
folder it is necessary to add the currently active user to theghost
group. This behaviour was removed in #296 because the user needs to log out and in again to activate the new group.Changes required:
ghost
group (removed here: c499480#diff-39682f6dabedcf585eccc2dc12de55d8L42)/content
folder (see Ghost folder & file permissions #294)The text was updated successfully, but these errors were encountered: