Welcome to the LimeSurvey Community Forum

Ask the community, share ideas, and connect with other LimeSurvey users!

Files of type ".bin" in tmp/runtime/cache-folder, file permissions

  • ATSWebmaster
  • ATSWebmaster's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
6 years 1 week ago #165550 by ATSWebmaster
Hello,

Not sure if this is technically a "design issue" but I have question about the cache-folder files with type .bin e.g "limesurvey/tmp/runtime/cache/0b354aa9282277cdf15f32fd9d472d54.bin"

A security plugin of Joomla-installation is complaining about the file permission of these files as they have permission of 666, and not what the plugin considers secure, which is 644.

What are these files in the first place and is the permission of 666 actually needed for them? And is there any config-option to control this?
The topic has been locked.
  • LouisGac
  • LouisGac's Avatar
  • Visitor
  • Visitor
6 years 1 week ago #165565 by LouisGac
this file is the CStatePersister. It's managed by the yii framework itself.

www.yiiframework.com/doc/api/1.1/CStatePersister
The topic has been locked.
  • ATSWebmaster
  • ATSWebmaster's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
6 years 1 week ago #165597 by ATSWebmaster
I see, thank you very much for the information! It seems the permissions could be changed by modifying file CFileCache.php but do you have any idea, if it is needed for everyone to have read/write permission to the cache files, and do these pose any threat to the site? I did a bit of research and it seems the original file of yii framework has set the permissions to default of the current environment.

File CFileCache.php of Limesurvey:
/**
* @var integer the permission to be set for new cache files.
* This value will be used by PHP chmod function.
* Defaults to 0666, meaning the file is read-writable by all users.
* @since 1.1.16
*/
public $cacheFileMode=0666;

From file FileCache.php of the yii framework ( github.com/yiisoft/yii2/blob/master/fram...aching/FileCache.php ):
/**
* @var int the permission to be set for newly created cache files.
* This value will be used by PHP chmod() function. No umask will be applied.
* If not set, the permission will be determined by the current environment.
*/
public $fileMode;
The topic has been locked.
  • LouisGac
  • LouisGac's Avatar
  • Visitor
  • Visitor
6 years 1 week ago #165609 by LouisGac
LimeSurvey use Yii1, not Yii2.

github.com/yiisoft/yii
The topic has been locked.

Lime-years ahead

Online-surveys for every purse and purpose