bpatrik/pigallery2

Bad permissions on files and directories in zipfile.

pheaver opened this issue · 2 comments

Description
It appears the permissions on all files and directories in the release file are 666 (-rw-rw-rw-), which means that:

  1. All users can read and write everything in the pigallery2 directory
  2. You cannot enter the directories because the executable bit is unset

Examples
Here are examples demonstrating the problem with the directory permissions. They were run inside the pigallery2 directory which I setup according to the instructions:

cd ~
wget https://github.com/bpatrik/pigallery2/releases/download/1.7.0/pigallery2.zip
unzip pigallery2.zip -d pigallery2
cd pigallery2
$ ls -l
total 224
drw-rw-rw-   5 pweaver pweaver   4096 Jan 27  2019 backend
drwxrwxrwx   5 pweaver pweaver   4096 Feb 15  2019 common
drwxrwxrwx   6 pweaver pweaver   4096 Jul 21 17:31 dist
-rw-rw-rw-   1 pweaver pweaver   1095 Jul 21 17:32 LICENSE
drwxrwxr-x 460 pweaver pweaver  20480 Sep  1 23:03 node_modules
-rw-rw-rw-   1 pweaver pweaver   1625 Jul 21 17:32 package.json
-rw-rw-r--   1 pweaver pweaver 174452 Sep  1 23:03 package-lock.json
-rw-rw-rw-   1 pweaver pweaver   9509 Jul 21 17:32 README.md
$ ls backend
ls: cannot access 'backend/Logger.js': Permission denied
ls: cannot access 'backend/server.js': Permission denied
ls: cannot access 'backend/model': Permission denied
ls: cannot access 'backend/routes': Permission denied
ls: cannot access 'backend/middlewares': Permission denied
ls: cannot access 'backend/index.js': Permission denied
ls: cannot access 'backend/ProjectPath.js': Permission denied
index.js  Logger.js  middlewares  model  ProjectPath.js  routes  server.js
$ cat backend/Logger.js
cat: backend/Logger.js: Permission denied

Workaround
This fixed the permissions and allowed me to run npm start successfully:

for i in 1 2 3 4; do
  find -maxdepth $i -type d | xargs chmod u+x,g+x # find cannot read at depth N+1 until depth N has correct permissions
done

chmod -R o-w .

Environment

  • OS: Ubuntu 18.04.3 LTS, with kernel 4.15.0-56-generic

Used app version:

  • release 1.7.0

Hi,

Thanks for the report. I'll look into it. I'm not sure if I can fix it as I'm zipping it on windows.

Best,
Patrik

Docker is the recommended way of installing this. Zipping now happens with github action.
I feel this to be obsolete. Closing it.