Bad permissions on files and directories in zipfile. #98
Description
Description
It appears the permissions on all files and directories in the release file are 666 (-rw-rw-rw-), which means that:
- All users can read and write everything in the pigallery2 directory
- You cannot enter the directories because the executable bit is unset
Examples
Here are examples demonstrating the problem with the directory permissions. They were run inside the pigallery2 directory which I setup according to the instructions:
cd ~
wget https://github.com/bpatrik/pigallery2/releases/download/1.7.0/pigallery2.zip
unzip pigallery2.zip -d pigallery2
cd pigallery2
$ ls -l
total 224
drw-rw-rw- 5 pweaver pweaver 4096 Jan 27 2019 backend
drwxrwxrwx 5 pweaver pweaver 4096 Feb 15 2019 common
drwxrwxrwx 6 pweaver pweaver 4096 Jul 21 17:31 dist
-rw-rw-rw- 1 pweaver pweaver 1095 Jul 21 17:32 LICENSE
drwxrwxr-x 460 pweaver pweaver 20480 Sep 1 23:03 node_modules
-rw-rw-rw- 1 pweaver pweaver 1625 Jul 21 17:32 package.json
-rw-rw-r-- 1 pweaver pweaver 174452 Sep 1 23:03 package-lock.json
-rw-rw-rw- 1 pweaver pweaver 9509 Jul 21 17:32 README.md
$ ls backend
ls: cannot access 'backend/Logger.js': Permission denied
ls: cannot access 'backend/server.js': Permission denied
ls: cannot access 'backend/model': Permission denied
ls: cannot access 'backend/routes': Permission denied
ls: cannot access 'backend/middlewares': Permission denied
ls: cannot access 'backend/index.js': Permission denied
ls: cannot access 'backend/ProjectPath.js': Permission denied
index.js Logger.js middlewares model ProjectPath.js routes server.js
$ cat backend/Logger.js
cat: backend/Logger.js: Permission denied
Workaround
This fixed the permissions and allowed me to run npm start successfully:
for i in 1 2 3 4; do
find -maxdepth $i -type d | xargs chmod u+x,g+x # find cannot read at depth N+1 until depth N has correct permissions
done
chmod -R o-w .
Environment
- OS: Ubuntu 18.04.3 LTS, with kernel 4.15.0-56-generic
Used app version:
- release 1.7.0