MovableType Script Installer & Permissions

Hey all,

The MovableType 4.25 script installer installs all directories with permissions of 777 and files with 666.

This does not sound safe, at all, to say the least!

Or, under VM, is that somehow safe? I can’t see how it can be, but I’m willing to listen. :slight_smile:


I don’t think folders with 777 are safe at all. per haps create a ticket in the issue tracker?

Hey Ronald,

No, it’s very unsafe indeed, unless VM is doing something that I’m not aware of, but I don’t see how it can be, really.

I have corrected all folders and files now by adding dirUMASK and HTMLUmask to mt.config, with both set to 0022, and then deleting all previously published files/folders except the mt folder, and then republishing everything.

However, it would seem that someone who did not know MT and it’s installation quite so well could easily end up in a world of trouble with the default install permissions.

i’ll wait until later and if Eric or Joe, or Jamie don’t reply I’ll add it to the issue tracker.

Security concerns are best handled in the ticket tracker.

666 permissions never makes sense…so it’s definitely not correct if the installer is producing files with those permissions.

Apps are executed as the user, so the last field can always be 0 without interfering with the app.

Hi Joe,

Feel free to move this to the issue tracker if you want to. If that isn’'t possible, then also feel free to delete this thread entirely and redo it as an issue. I’ll keep an eye on it over on the tracker.