SID-01569: Ok to add group write permissions to skin files

Status:	Answered	TWiki version:	5.1.1	Perl version:	5.14.2-6ubuntu2.1
Category:		Server OS:	Ubuntu 12.04	Last update:	13 years ago

Is it ok to change the permissions on the skins files so that members of the group (in my case, www-data) can write the files?

I would like to be able to edit the templates and skins using sftp from my local machine, but I don't know how to log in as www-data (or even its possible). I can make myself a member of the www-data group, though. As it is now, only the owner www-data can write these files. Will I be doing something risky if I add group write permissons?

-- BenDugan - 2012-10-24

Discussion and Answer

I just re-read my question and its not as clear as it could be!

I do know how to log in and edit any file on my server. But for convenience I would like to use a sftp file sharing setup where I can edit things using my desktop editor rather than, say, emacs in an ssh terminal.

I have this working now by adding the group-write permissions. But I am wondering if you think that is a bad idea from a security standpoint.

Thanks.

-- BenDugan - 2012-10-24

Never enable a shell for the apache user, that would be a security hole. I believe it is OK to have another user in the same group with shell access.

You could consider a TWiki approach to update the skin files: Define a fixed skeleton template that includes the guts of the skin as files attached to a TWiki topic. For example, a view.foo.tmpl file could include %PUBURL%/%SYSTEMWEB%/FooPlugin/view.tmpl. That way, skin designers can simply attached updated skin files (templates, css, images) to the FooPlugin topic.

-- PeterThoeny - 2012-10-25

The TWiki approach you mention sounds very convenient and helpful, especially since it would consolidate all of the various files that affect the appearance in one place. I'll look into this.

-- BenDugan - 2012-10-25

Ben, please consider contributing back an improved skin infrastructure for TWiki based on the ideas discussed. See also related SimplifySkinCreation.

-- PeterThoeny - 2012-10-25

Peter, I will definitely give this some thought and I may be able to help. I have been a long time day-in, day-out user of twiki and I really feel a debt to you and the other contributors for providing it.

-- BenDugan - 2012-10-25

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.