Looking through the Osclass installation directory, I noticed that for some reason all the files under oc-content/plugins/ and oc-content/themes/  have the exec bit set. Why?

For instance:

#  ls -al plugins/qrcode/
razem 28
drwxr-xr-x  4 www-data www-data 4096 02-07 22:16 .
drwxr-xr-x 10 root     www-data 4096 02-14 11:40 ..
-rwxr-xr-x  1 www-data www-data 1921 02-08 23:43 conf.php
-rwxr-xr-x  1 www-data www-data 1053 02-08 23:43 help.php
-rwxr-xr-x  1 www-data www-data 3739 02-08 23:43 index.php
drwxr-xr-x  3 www-data www-data 4096 02-07 22:16 languages
drwxr-xr-x  5 www-data www-data 4096 02-07 22:16 lib

I removed the exec bit for all files (not directories), but for some reason the bit showed up again.

All I can think of is the Market that does this. Any other ideas?

Do you mean execute permissions (644)?
These are rechecked ie when you doing update.

-rwxr-xr-x on php/js/images isn't 644, but 755, And the question is where this comes from? I had to issue the following command to make sure none of the files have exec permissions:

# find /var/www/html/osclass/ -name "*" -executable -type f -exec chmod -x {} \;
But when (probably) I used the Market to download/remove plugins, again the execs appeared. So that's why I'm asking. So far I stopped using the Market altogether, and it looks like the exec permissions didn't come back. Or maybe some other functionality of Osclass adds the execs for themes/plugins files?

Can you set folder permissions on file? Was not aware of it.
Yes download can make permissions to be checked before download starts, so it is possible to deliver file to target place.

Can you set folder permissions on file? Was not aware of it.
Yes download can make permissions to be checked before download starts, so it is possible to deliver file to target place.

Yes, I'm in charge of the whole VPS with Debian installed, so it's not an issue, but this is very dangerous to make the files be execs for everyone whenever you install/remove from the Market.

Also uploading images adds execs to them:

# ls -al /var/www/html/osclass/oc-content/uploads/0/21*
-rwxr-xr-x 1 www-data www-data   53043 02-15 08:20 /var/www/html/osclass/oc-content/uploads/0/21.jpg
-rwxr-xr-x 1 www-data www-data 2162842 02-15 08:20 /var/www/html/osclass/oc-content/uploads/0/21_original.jpg
-rwxr-xr-x 1 www-data www-data   31195 02-15 08:20 /var/www/html/osclass/oc-content/uploads/0/21_preview.jpg
-rwxr-xr-x 1 www-data www-data   10996 02-15 08:20 /var/www/html/osclass/oc-content/uploads/0/21_thumbnail.jpg
Is there a way to fix this?

Osclass will set 644 (that does not mean executable) on files and 755 on folders.
You may review function osc_change_permissions that is in utils.php

I'm not a programmer, but Osclass clearly sets 755 on regular files that it creates/modifies.

Try to go to oc-includes/osclass/utils.php

Find this line:
if (!is_writable(osc_replace_double_slash($dir . '/' . $file))) {
And change it to:
if (is_dir(osc_replace_double_slash($dir . '/' . $file)) && !is_writable(osc_replace_double_slash($dir . '/' . $file))) {
Then in same file you can also review this function:
function osc_copy($source, $dest, $options = array('folderPermission' => 0755, 'filePermission' => 0755)) {


filePermission you can try 0644, but not sure how it impacts PHP files

Yes, this helped. Osclass now creates 644 in uploads:

# ls -al /var/www/html/osclass/oc-content/uploads/0/23*
-rw-r--r-- 1 www-data www-data 2865525 02-15 11:50 /var/www/html/osclass/oc-content/uploads/0/23_original.png
-rw-r--r-- 1 www-data www-data  619644 02-15 11:50 /var/www/html/osclass/oc-content/uploads/0/23.png
-rw-r--r-- 1 www-data www-data  347548 02-15 11:50 /var/www/html/osclass/oc-content/uploads/0/23_preview.png
-rw-r--r-- 1 www-data www-data  105179 02-15 11:50 /var/www/html/osclass/oc-content/uploads/0/23_thumbnail.png

filePermission you can try 0644, but not sure how it impacts PHP files

PHP/JS/IMAGE files shouldn't be exec.

I haven't testet the market yet. Should it be the same for it, or something else should be changed?

Which one helped?

Which one helped?

I changed both, but I think the second would suffice. I'll check it in a moment.

Yes, the second one alone does the job.

So basically it should be:

function osc_copy($source, $dest, $options = array('folderPermission' => 0755, 'filePermission' => 0644)) {

@morfik
Cool

Indeed all uploads are show as 755. Good catch.

Edit: actually not all. Some are 755 for some reason (=uploads after Osclasspoint update) and others correctly 644 (probably old uploads before Osclasspoint release)