File Manager recursive permission change applies directory permissions to files (sets 770 on files) #1

New Issue

MrUnknownDE · 2026-04-05T20:25:16+02:00

MrUnknownDE commented

2026-04-05 20:25:16 +02:00

Originally created by @chiareu on 3/31/2026

CloudPanel version(s) affected

2.5.3

Description

When using CloudPanel File Manager to change permissions recursively on a directory, the system incorrectly applies the same permission mode to both directories and files.

Specifically, when setting a directory to 770, all contained files are also set to 770, instead of using appropriate file permissions.

Impact:

Incorrect file permissions
Potential security risk
Breaks standard permission models for WordPress and Linux systems

Technical concern:
This suggests the recursive permission logic is applying directory mode to files, instead of distinguishing between:

chmod for directories
chmod for files

Severity:
Medium to High (incorrect permission handling with security implications)

How to reproduce

Open CloudPanel File Manager
Select a folder (e.g. WordPress theme directory)
Change permissions to 770
Inspect files inside the folder

Expected behaviour:

Directories → 770
Files → 660 (or remain unchanged)

Possible Solution

Suggestion:

Separate handling for files vs directories during recursive chmod
Apply:
- directories → requested mode
- files → safe default (e.g. 644/660) or leave unchanged

Additional Context

OS: Ubuntu 24.04
CloudPanel: v2.5.3
PHP: 8.5
WordPress: latest (observed across multiple installations)

*Originally created by @chiareu on 3/31/2026* ### CloudPanel version(s) affected 2.5.3 ### Description When using CloudPanel File Manager to change permissions recursively on a directory, the system incorrectly applies the same permission mode to both directories and files. Specifically, when setting a directory to 770, all contained files are also set to 770, instead of using appropriate file permissions. **Impact:** - Incorrect file permissions - Potential security risk - Breaks standard permission models for WordPress and Linux systems **Technical concern:** This suggests the recursive permission logic is applying directory mode to files, instead of distinguishing between: - chmod for directories - chmod for files **Severity:** Medium to High (incorrect permission handling with security implications) ### How to reproduce 1. Open CloudPanel File Manager 2. Select a folder (e.g. WordPress theme directory) 3. Change permissions to 770 4. Inspect files inside the folder **Expected behaviour:** - Directories → 770 - Files → 660 (or remain unchanged) ### Possible Solution **Suggestion:** - Separate handling for files vs directories during recursive chmod - Apply: - directories → requested mode - files → safe default (e.g. 644/660) or leave unchanged ### Additional Context - OS: Ubuntu 24.04 - CloudPanel: v2.5.3 - PHP: 8.5 - WordPress: latest (observed across multiple installations)

MrUnknownDE referenced this issue

2026-04-05 20:25:51 +02:00

issue #200

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/cloudpanel-ce#1