Last modified: 2014-02-12 23:32:50 UTC
A fresh install of 1.20.2 on Ubuntu with ImageMagick. It's a shared host, and I don't have root access. I've got images hotlinked from Wikimedia Commons showing fine as thumbnails. However when I tried to upload images from the local PC I was getting "Unable to create the folder "mwstore://local-backend/local-public/ ...". Until I did chmod 777 to the images folder. Now I have all images and thumbnails working fine but also have a hole in the sites security. Is there a better way to fix this, without root permissions, than chmod 777 images/? Is this a bug?
Well... You don't need 777 if it's actually owned by the web server user, then you can use 755 or such. But on typical shared hosting that may still leave you open to other users. Frankly this is a security problem with many shared hosting environments that's just something you have to live with; unless you can reconfigure to running your web scripts under your own user account. A more 'secure' method might be to store files in database but this isn't done yet (and of course, any other web user on the machine can probably get your database usernamd and password out of your config files so... that might not be any more secure.)
The folders created under images belong to user www-data, (I can view and move these but not delete the files).
(In reply to comment #2) > The folders created under images belong to user www-data, (I can view and > move > these but not delete the files). Yes, that's the default user that apache runs as in many linux distributions.
I don't see a bug here in the MediaWiki software, hence closing as INVALID. I recommend https://www.mediawiki.org/wiki/Project:Support_desk :)