*) mod_md: Explicitly setting file permissions to break out of umasks. We want our

     non-privilegded apache user to be able to read them. See github issue
     <https://github.com/icing/mod_md/issues/117>. [Stefan Eissing]

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1855777 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 57f0e9e65658d200112a79f90d4392f9c8fdd335..7bd6a34c03ddacc38962c265e3427188acedc82d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.1
 
+  *) mod_md: Explicitly setting file permissions to break out of umasks. We want our
+     non-privilegded apache user to be able to read them. See github issue
+     <https://github.com/icing/mod_md/issues/117>. [Stefan Eissing] 
+  
   *) Merge consecutive slashes in URL's. Opt-out with `MergeSlashes OFF`. 
      [Eric Covener]
 

diff --git a/modules/md/md_util.c b/modules/md/md_util.c
index 4e97d92bd3fa2b68a8a51380f05e6fbfd4069509..12b7dd6da17aaea87647eef8edc8dbb3f6d68798 100644 (file)
--- a/modules/md/md_util.c
+++ b/modules/md/md_util.c
@@ -312,6 +312,13 @@ apr_status_t md_text_fcreatex(const char *fpath, apr_fileperms_t perms,
     if (APR_SUCCESS == rv) {
         rv = write_text((void*)text, f, p);
         apr_file_close(f);
+        /* See <https://github.com/icing/mod_md/issues/117>: when a umask
+         * is set, files need to be assigned permissions explicitly.
+         * Otherwise, as in the issues reported, it will break our access model. */
+        rv = apr_file_perms_set(fpath, perms);
+        if (APR_STATUS_IS_ENOTIMPL(rv)) {
+            rv = APR_SUCCESS;
+        }
     }
     return rv;
 }