You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2017/10/18 14:22:56 UTC
[Bug 61631] New: htpasswd -v option should require read and not
read-write for password file
https://bz.apache.org/bugzilla/show_bug.cgi?id=61631
Bug ID: 61631
Summary: htpasswd -v option should require read and not
read-write for password file
Product: Apache httpd-2
Version: 2.4.7
Hardware: PC
OS: Linux
Status: NEW
Severity: minor
Priority: P2
Component: support
Assignee: bugs@httpd.apache.org
Reporter: aikidoguy@gmail.com
Target Milestone: ---
Steps to reproduce on Ubuntu (where the bug was observed):
1) htpasswd –c htpasswd.site User.Name
2) chmod 444 htpasswd.site
3) htpasswd -v htpasswd.site User.Name
htpasswd: cannot open file htpasswd.site for read/write access
The htpasswd application fails to verify the password and seems to require the
htpasswd.site file to be readable and writable.
It was expected that the htpasswd program only needs to be able to read the
file's contents and does not need write permission in order to verify if a
provided password is valid or not.
The following command does not provide version information for the installed
program: htpasswd --version
"man htpasswd" provides the Apache HTTP Server date as 2013-07-06
"apt-cache policy apache2" provides the installed version as
2.4.7-1ubuntu4.18.0
"apache2 -v" provides server version is Apache/2.4.7 (Ubuntu) and built Sep 18
2017 16:37:54
It is unknown if the issue occurs on other platforms.
Possibly related to Bug 45923 – htpasswd tries to open(file, O_RDONLY |
O_APPEND)
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 61631] htpasswd -v option should require read and not
read-write for password file
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61631
Joe Orton <jo...@redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #1 from Joe Orton <jo...@redhat.com> ---
Thanks, fixed in r1812756.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org