Improper Permissions Set

[salguod]

On my MT blog, I have templates set up for each side menu. I've names them 'alpha.php' for the left menu and 'gamma.php' for the right. I then use server side includes in my main and archive indexes to include those files.

 

For some reason, after the switch to TCH, the files are being created with '666' permissions instead of '644'. This prevents them from being included properly. This was not an issue with my old host.

 

Any ideas why this is happening?

[salguod]

Turns out that ALL my files are being created with 666 permissions!

[TweezerMan]

The permissions that MT sets on files is controlled by the HTMLUmask setting in your mt-config.cgi file (or mt.cfg). The default setting for HTMLUmask is 0111, which results in file permissions of 0666.

 

In your mt-config.cgi / mt.cfg file, the HTMLUmask setting should be present, but is probably commented out (has a "#" at the beginning of the line):

># HTMLUmask 0022

If you remove the "#" from the beginning of the line, MT will use the HTMLUmask setting of '0022' and this will make MT create your weblog pages with 0644 permissions instead of 0666.

 

There's 3 other settings that should be listed with HTMLUmask (also probably commented out): DBUmask, UploadUmask, and DirUmask.

 

DBUmask is useful only if you're using BerkeleyDB for your database (which you're not).

 

UploadUmask controls the permissions on files that you upload to the server with MT's "Upload File" function (such as images).

 

DirUmask controls the permission on new directories that MT creates (such as new directories for each month or year of your weblog's archive pages).

 

If you uncomment HTMLUmask, I'd recommend also uncommenting UploadUmask, so uploaded files will also be given 0644 permissions, and DirUmask, so new directories will be given 0755 permissions (instead of the default 0777, which is not very secure).

 

After making the above changes, the settings in your mt-config.cgi / mt.cfg file should look like this:

># DBUmask 0022
HTMLUmask 0022
UploadUmask 0022
DirUmask 0022

This should resolve your issue.

[salguod]

Thanks. I was headed down that path when I got your reply.

 

I made those changes and rebuilt my site, but it did not change my archives to 664, they are still at 666. Why?

 

The MT documentation and the comments of mt-config.cgi say that the umask settings should only be changed if I'm running MT under cgiwrap or suexec. Is that the case with TCH?

 

If not, can I set this instead and accomplish the same thing?

 

>HTMLPerms 0644
UploadPerms 0644

[salguod]

Nevermind. I deleted all my shtml files and rebuilt the site again and the proper permissions were set this time. I'm not sue why it didn't change the permissions on the existing files, but it seems OK now.

[TweezerMan]

I made those changes and rebuilt my site, but it did not change my archives to 664, they are still at 666. Why?

Just a guess here, but I suspect the permissions on your files did not change because MT detected that the rebuilt files were identical to what was already on the server, so it skipped writing the files. This is normal and expected behavior for MT, as it preserves the "file modified" date on your weblog pages that have not changed (this keeps web browser caches working correctly, for example).

 

I'd recommend deleting all of your weblog pages, then immediately rebuild your entire weblog to recreate your files with the proper permissions (which I see you did in your last post).

 

The MT documentation and the comments of mt-config.cgi say that the umask settings should only be changed if I'm running MT under cgiwrap or suexec. Is that the case with TCH?

Yes, it is.

 

If not, can I set this instead and accomplish the same thing?

>HTMLPerms 0644
UploadPerms 0644

You can, but it's not the recommended way to do it. The HTMLPerms and UploadPerms setting were intended for situations where you needed to set executable permissions for your files, such as creating PHP files that need 0755 permissions. Also, neither of these settings affect directory permissions - the DirUmask setting is the only way to control them.