From: Stefan Eissing Date: Mon, 18 Mar 2019 16:05:04 +0000 (+0000) Subject: *) mod_md: Explicitly setting file permissions to break out of umasks. We want our X-Git-Tag: 2.5.0-alpha2-ci-test-only~2092 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2a412fcd1eed37c893fe9fe7e4c4ccec25d906ad;p=thirdparty%2Fapache%2Fhttpd.git *) mod_md: Explicitly setting file permissions to break out of umasks. We want our non-privilegded apache user to be able to read them. See github issue . [Stefan Eissing] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1855777 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 57f0e9e6565..7bd6a34c03d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) mod_md: Explicitly setting file permissions to break out of umasks. We want our + non-privilegded apache user to be able to read them. See github issue + . [Stefan Eissing] + *) Merge consecutive slashes in URL's. Opt-out with `MergeSlashes OFF`. [Eric Covener] diff --git a/modules/md/md_util.c b/modules/md/md_util.c index 4e97d92bd3f..12b7dd6da17 100644 --- a/modules/md/md_util.c +++ b/modules/md/md_util.c @@ -312,6 +312,13 @@ apr_status_t md_text_fcreatex(const char *fpath, apr_fileperms_t perms, if (APR_SUCCESS == rv) { rv = write_text((void*)text, f, p); apr_file_close(f); + /* See : when a umask + * is set, files need to be assigned permissions explicitly. + * Otherwise, as in the issues reported, it will break our access model. */ + rv = apr_file_perms_set(fpath, perms); + if (APR_STATUS_IS_ENOTIMPL(rv)) { + rv = APR_SUCCESS; + } } return rv; }