Uploaded files have wrong permissions - known problem but customers weren't notified?

[davidwwatts]

Today, I uploaded html files to my web space but instead of all files getting 0644 permissions, they were given 0600 permissions.

I opened a ticket and was told:

"Unfortunately we were forced to temporary restrict some of the server commands (such as chmod, chown, gcc, cc) due to the latest security vulnerability in Linux kernel. All settings will be reverted back after we update kernels on all our Linux servers. This issue should be resolved within next several days. We can help you to "chmod" or "chown" your files before we update kernels. Please specify which files should be modified and we will do it for you.

Please accept our apologies for any inconveniences caused to you.
Thank you for your understanding."

It is fair enough that you guys have to do this sort of thing to maintain security, but my concern is this:

I expect that this sort of information is critical to most/all of your customers. However I know I didn't receive any email about such a major restriction as this, even if it is only a temporary one. If I had received such an email then it would have saved me opening a ticket so it would have saved the WHB helpdesk time and effort too.

Why can't this sort of information be sent out to all customers? This is the sort of thing I'd want to be told proactively, not reactively.

BTW, I don't consider posting to the Company forum enough. This is something that everyone uploading new files will experience, so an email sent to all of us would be really worthwhile - for both WHB and it's customers. Please consider more proactive measures.

David.

[Tony]

So when did this actually happen? We noticed our TinyMCE editor not working a couple days ago. I was about to update the CMS, but I guess now would be a bad time.?


edit: Yes, my CMS 'modules' folder was 0777. I changed it back to 0755 and TinyMCE is working now.

[Lena S.]

There is a notification about this issue which was posted in this thread:

http://www.webhostingbuzz.com/forum/...el-issues.html

[Tony]

Thanks Lena. But my question was: When was this actually implemented? I'm not at all sure my trouble was related.

No question changing perms is going to break an awful lot of things.

[Sergey S.]

It was implemented on Sunday (Aug 16).

[davidwwatts]

Lena, your response is exactly my point. All WHB did about this notifying customers (one that probably affects everyone uploading content via FTP) was to post something to one of the forums. It should have been a notice sent out via email to everyone.
David.

[Sergey S.]

Dear Davidwwatts,
please subscribe to our Company Announcements Forum
(http://www.webhostingbuzz.com/forum/...announcements/)
and to the Forum of your server to receive the automatic e-mail notifications about the announcements.
(Forum Tools->Subscribe to this Forum)

[davidwwatts]

Sergey, I note that the Company Announcements forum has the description "Non-service affecting announcements can be found in here". Is this really place where all customers should be monitoring to get notification of this type of problem?

[Alan B]

Usually it's recommended that you subscribe to the forum for your particular server.

[davidwwatts]

Thanks Alan. I am already subscribed to the server forum. But that's the irony of it - there was nothing posted there about this issue, and there still isn't.

[Tony]

Good point. I hadn't thought to subscribe to Company Announcements. But I am now. I suppose the description needs to be changed.

I see nothing wrong with announcements on the forum, now that the forum allows instant email subscriptions. Better than trying to keep a manually updated email list. But there should be a sticky or announcement pointing out the two forums you should subscribe to in this way.

[9toes]

Is there any indication of if/when this will be corrected?

[Sergey S.]

We have updated Kernels on several servers already, but there are still more left.
Unfortunately the procedure varies from server to server and on some of the servers the initial several attempts were not successful.
We are constantly working on fixing the rest of the servers.
As soon as the kernels are updated we will update the server forums and will fix the permissions.

Please once again accept our apologies for the inconveniences this is causing you.