Files of type ".bin" in tmp/runtime/cache-folder, file permissions

More
8 months 4 weeks ago #165550 by ATSWebmaster
ATSWebmaster created the topic: Files of type ".bin" in tmp/runtime/cache-folder, file permissions
Hello,

Not sure if this is technically a "design issue" but I have question about the cache-folder files with type .bin e.g "limesurvey/tmp/runtime/cache/0b354aa9282277cdf15f32fd9d472d54.bin"

A security plugin of Joomla-installation is complaining about the file permission of these files as they have permission of 666, and not what the plugin considers secure, which is 644.

What are these files in the first place and is the permission of 666 actually needed for them? And is there any config-option to control this?

Please Log in or Create an account to join the conversation.

More
8 months 4 weeks ago #165565 by LouisGac
LouisGac replied the topic: Files of type ".bin" in tmp/runtime/cache-folder, file permissions
this file is the CStatePersister. It's managed by the yii framework itself.

www.yiiframework.com/doc/api/1.1/CStatePersister

Please Log in or Create an account to join the conversation.

More
8 months 4 weeks ago #165597 by ATSWebmaster
ATSWebmaster replied the topic: Files of type ".bin" in tmp/runtime/cache-folder, file permissions
I see, thank you very much for the information! It seems the permissions could be changed by modifying file CFileCache.php but do you have any idea, if it is needed for everyone to have read/write permission to the cache files, and do these pose any threat to the site? I did a bit of research and it seems the original file of yii framework has set the permissions to default of the current environment.

File CFileCache.php of Limesurvey:
/**
* @var integer the permission to be set for new cache files.
* This value will be used by PHP chmod function.
* Defaults to 0666, meaning the file is read-writable by all users.
* @since 1.1.16
*/
public $cacheFileMode=0666;

From file FileCache.php of the yii framework ( github.com/yiisoft/yii2/blob/master/fram...aching/FileCache.php ):
/**
* @var int the permission to be set for newly created cache files.
* This value will be used by PHP chmod() function. No umask will be applied.
* If not set, the permission will be determined by the current environment.
*/
public $fileMode;

Please Log in or Create an account to join the conversation.

More
8 months 4 weeks ago #165609 by LouisGac
LouisGac replied the topic: Files of type ".bin" in tmp/runtime/cache-folder, file permissions
LimeSurvey use Yii1, not Yii2.

github.com/yiisoft/yii

Please Log in or Create an account to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now
Join our Newsletter!