You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This request is not a duplicate of an existing issue
I have read the docs and followed them (if applicable)
I have seached the Roots Discourse for answers and followed them (if applicable)
This is not a personal support request that should be posted on the Roots Discourse community
Description
What's wrong?
Every time I deploy, either to Kinsta, custom server or Trellis managed server, the web/app folder from bedrock gets permissions 0777.
If I override the project_shared_children var in my trellis/group_vars/production/main.yml file to share some files and folders across deploys, then I get the web/app folder chmod 0777 and the web folder also with 0777.
Maybe I'm wrong, but I think applying 0777 to a folder is too permisive and this should be changed to 0755
This is the disourse topic related to this issue I've opened almost a year ago. I don't know how no one have seen this before. Maybe I'm the only one that has the problem.
If I don't override the project_shared_children var then only the web/app folder has 0777.
If I override the project_shared_children var then web and web/app folder both two have 0777.
Using the mode option in project_shared_children doesn't work as this is related to the parent folder:
I have some sites with Trellis v1.4.0 (I know...) and the deploys don't have that problem, so I guess a revert or setting that line to 0755 would do the fix.
Terms
Description
What's wrong?
Every time I deploy, either to Kinsta, custom server or Trellis managed server, the web/app folder from bedrock gets permissions 0777.
If I override the project_shared_children var in my trellis/group_vars/production/main.yml file to share some files and folders across deploys, then I get the web/app folder chmod 0777 and the web folder also with 0777.
Maybe I'm wrong, but I think applying 0777 to a folder is too permisive and this should be changed to 0755
This is the disourse topic related to this issue I've opened almost a year ago. I don't know how no one have seen this before. Maybe I'm the only one that has the problem.
https://discourse.roots.io/t/deploy-places-web-and-app-folder-777/21087
What have you tried?
I think this line is the culprit, as if I change it in my trellis install then the web and web/app folders get 0755 as I think they should...
trellis/roles/deploy/tasks/share.yml
Line 43 in e497cfe
If I don't override the project_shared_children var then only the web/app folder has 0777.
If I override the project_shared_children var then web and web/app folder both two have 0777.
Using the mode option in project_shared_children doesn't work as this is related to the parent folder:
trellis/roles/deploy/defaults/main.yml
Line 32 in e497cfe
What insights have you gained?
Maybe all our websites are a bit exposed to attackers.
Possible solutions
Change this line
trellis/roles/deploy/tasks/share.yml
Line 43 in e497cfe
to 0755
Temporary workarounds
Change this line
trellis/roles/deploy/tasks/share.yml
Line 43 in e497cfe
to 0755
Steps To Reproduce
Just deploy using trellis and see the permissions of web/app on bedrock.
I you override the project_shared_children var in your trellis/group_vars/production/main.yml file with something like this:
...then you'll get web and web/app folder with 0777.
Expected Behavior
web/app folder to be 0755
Actual Behavior
web/app folder is 0777
Relevant Log Output
No response
Versions
Trellis v1.15.0 - OSX 10.15.7
The text was updated successfully, but these errors were encountered: