You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ic...@apache.org on 2019/03/18 16:05:04 UTC
svn commit: r1855777 - in /httpd/httpd/trunk: CHANGES modules/md/md_util.c
Author: icing
Date: Mon Mar 18 16:05:04 2019
New Revision: 1855777
URL: http://svn.apache.org/viewvc?rev=1855777&view=rev
Log:
*) mod_md: Explicitly setting file permissions to break out of umasks. We want our
non-privilegded apache user to be able to read them. See github issue
<https://github.com/icing/mod_md/issues/117>. [Stefan Eissing]
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/md/md_util.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1855777&r1=1855776&r2=1855777&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Mar 18 16:05:04 2019
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.1
+ *) mod_md: Explicitly setting file permissions to break out of umasks. We want our
+ non-privilegded apache user to be able to read them. See github issue
+ <https://github.com/icing/mod_md/issues/117>. [Stefan Eissing]
+
*) Merge consecutive slashes in URL's. Opt-out with `MergeSlashes OFF`.
[Eric Covener]
Modified: httpd/httpd/trunk/modules/md/md_util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_util.c?rev=1855777&r1=1855776&r2=1855777&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/md_util.c (original)
+++ httpd/httpd/trunk/modules/md/md_util.c Mon Mar 18 16:05:04 2019
@@ -312,6 +312,13 @@ apr_status_t md_text_fcreatex(const char
if (APR_SUCCESS == rv) {
rv = write_text((void*)text, f, p);
apr_file_close(f);
+ /* See <https://github.com/icing/mod_md/issues/117>: when a umask
+ * is set, files need to be assigned permissions explicitly.
+ * Otherwise, as in the issues reported, it will break our access model. */
+ rv = apr_file_perms_set(fpath, perms);
+ if (APR_STATUS_IS_ENOTIMPL(rv)) {
+ rv = APR_SUCCESS;
+ }
}
return rv;
}