You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by ic...@apache.org on 2019/03/18 16:05:04 UTC

svn commit: r1855777 - in /httpd/httpd/trunk: CHANGES modules/md/md_util.c

Author: icing
Date: Mon Mar 18 16:05:04 2019
New Revision: 1855777

URL: http://svn.apache.org/viewvc?rev=1855777&view=rev
Log:
  *) mod_md: Explicitly setting file permissions to break out of umasks. We want our
     non-privilegded apache user to be able to read them. See github issue
     <https://github.com/icing/mod_md/issues/117>. [Stefan Eissing] 


Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/md/md_util.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1855777&r1=1855776&r2=1855777&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Mar 18 16:05:04 2019
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.1
 
+  *) mod_md: Explicitly setting file permissions to break out of umasks. We want our
+     non-privilegded apache user to be able to read them. See github issue
+     <https://github.com/icing/mod_md/issues/117>. [Stefan Eissing] 
+  
   *) Merge consecutive slashes in URL's. Opt-out with `MergeSlashes OFF`. 
      [Eric Covener]
 

Modified: httpd/httpd/trunk/modules/md/md_util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_util.c?rev=1855777&r1=1855776&r2=1855777&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/md_util.c (original)
+++ httpd/httpd/trunk/modules/md/md_util.c Mon Mar 18 16:05:04 2019
@@ -312,6 +312,13 @@ apr_status_t md_text_fcreatex(const char
     if (APR_SUCCESS == rv) {
         rv = write_text((void*)text, f, p);
         apr_file_close(f);
+        /* See <https://github.com/icing/mod_md/issues/117>: when a umask
+         * is set, files need to be assigned permissions explicitly.
+         * Otherwise, as in the issues reported, it will break our access model. */
+        rv = apr_file_perms_set(fpath, perms);
+        if (APR_STATUS_IS_ENOTIMPL(rv)) {
+            rv = APR_SUCCESS;
+        }
     }
     return rv;
 }