Wrong default permissions after composer install #13048
Description
I believe that there is a problem with the permissions set by many modules.
I checked some of our productions platform this morning and they all have this permission problem.
And setting the permissions with the find command as documented will only fix the group permissions, not the permissions for other users.
Preconditions
- magento 2.3.4 composer installation
Steps to reproduce
- Check that you umask is correct, otherwise set it to distribution default:
$ umask
0002
$ umask 0002 - composer create-project --repository-url=https://repo.magento.com/ magento/project-community-edition
Expected result
- No file should be world writable. The following command in the project should return no result:
find -perm -o+w -not -type l
Actual result
- $ find -perm -o+w -not -type l | wc -l
45415
Sample file with wrong permissions:
-rw-rw-rw- 1 x2i www-data 1370 Feb 4 10:28 vendor/magento/magento2-base/index.php
Sample file with good permissions:
-rw-r--r-- 1 x2i www-data 2378 Feb 4 2020 .vendor/magento/zendframework1/library/Zend/Date/DateObject.php