Confirmed. A 644 is changed to a 444.
See https://github.com/joomla/joomla-cms/blob/staging/administrator/components/com_templates/models/template.php#L509

Not sure why we do that here.

If your webserver has a different user than your FTP user, then you actually should enable the FTP layer within the global Joomla configuration to avoid exactly such issues.
I guess you haven't enabled it?

As for why the file is made readonly after saving, I don't know. And it's probably not justified and could be changed. It may be to prevent overwriting in case of an update but that's just guessing and would likely not be what is expected.
The only other place I know we do that is the configuration.php file.

No you shouldnt enable the ftp layer in this case. That should only be used
for installing stuff and is not a secure thing and should never be
recommended
On 20 Feb 2015 12:08, "Thomas Hunziker" notifications@github.com wrote:

If your webserver has a different user than your FTP user, then you
actually should enable the FTP layer within the global Joomla configuration
to avoid exactly such issues.
I guess you haven't enabled it?

As for why the file is made readonly after saving, I don't know. And it's
probably not justified and could be changed. It may be to prevent
overwriting in case of an update but that's just guessing and would likely
not be what is expected.
The only other place I know we do that is the configuration.php file.

—
Reply to this email directly or view it on GitHub
#6126 (comment).

I don't have big problems with it. I was just wondering why it change by saving. In my oppinum it seems more logic they stay the same.

No you shouldnt enable the ftp layer in this case. That should only be used for installing stuff

Everytime you do file modifications, which is when you install/update extensions, upload media files or edit template files. Otherwise you get the issue that the FTP user can't edit the file created with apache user.
At least if you intend to manage the same files also directly using FTP. If not, you don't have to care about it.

In my oppinum it seems more logic they stay the same.

Agreed. Anyone wants to take that code block out?

As mentioned and even confirmed the change is made. This means the webserver has write access to the filesystem. How it got that is irrelevant to the reported issue.

Changing it to 444 protects you against yourself. It requires the file to be deleted and recreated or set to 644 for overwriting it. Agree that it might be desirable for configuration.php, but inappropriate for template files. Looks like the code needs review: it also changes the owner. Don't consider that appropriate either!

The general and usual rule for the Joomla! file system is:
files: 644
folders: 755
configuration.php: 444

I understand your thoughts about it, but why should we ignore this rules?

oepss, wrong button

Hopefully the code review will reveal the reasons for programming it this way. Explained it is trying to protect you from loosing changes, but I am not the author of this code. Object to changing owner and changing to 444, but would like to hear the motivation from the author.

Thinking about it more, slowly changing my mind in favor of the current implementation. Looking at it from the perspective of managing the template, I can live with the setting that once you used the backend to make changes you need to do something extra when using the old way.

I think the main code of the template manager is by @iamramtripathi So i hope he can have a look here and to the PR (#6131) by @n9iels

Thanks

I think we can close this issue as it is fixed.