Author: Alex Rousskov <rousskov@measurement-factory.com>

Bug 2254: umask support needs porting from 2.6

diff --git a/src/cache_cf.cc b/src/cache_cf.cc
index b6e9c53092d0bd0fc6a7db95d37f22dbae4c4656..f41466343afe95251667b17a5e37481db77f2ed6 100644 (file)
--- a/src/cache_cf.cc
+++ b/src/cache_cf.cc
@@ -403,6 +403,7 @@ parseConfigFile(const char *file_name, CacheManager & manager)
 
     if (!Config.chroot_dir) {
         leave_suid();
+        setUmask(Config.umask);
         _db_init(Config.Log.log, Config.debugOptions);
         enter_suid();
     }

diff --git a/src/cf.data.pre b/src/cf.data.pre
index 7e4c9d77d6bf2ef0ed4c3839068d5fc40cfa57ba..6c30ee100e92ebca5522fbaf1a86cba34db14993 100644 (file)
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -3525,6 +3525,18 @@ DOC_START
        A list of other DNS names your cache has.
 DOC_END
 
+NAME: umask
+TYPE: int
+LOC: Config.umask
+DEFAULT: 027
+DOC_START
+       Minimum umask which should be enforced while the proxy
+       is running, in addition to the umask set at startup.
+
+       For a traditional octal representation of umasks, start
+        your value with 0.
+DOC_END
+
 COMMENT_START
  OPTIONS FOR THE CACHE REGISTRATION SERVICE
  -----------------------------------------------------------------------------

diff --git a/src/main.cc b/src/main.cc
index 8581ffd8d6e83fa8e13a456996dc6d4a716b2b7e..006a9e6e98f271151663504ed6b42439d6fe1634 100644 (file)
--- a/src/main.cc
+++ b/src/main.cc
@@ -694,6 +694,7 @@ mainReconfigure(void)
     errorClean();
     enter_suid();              /* root to read config file */
     parseConfigFile(ConfigFile, manager);
+    setUmask(Config.umask);
     Mem::Report();
     setEffectiveUser();
     _db_init(Config.Log.log, Config.debugOptions);
@@ -1150,7 +1151,6 @@ int
 main(int argc, char **argv)
 #endif
 {
-    mode_t oldmask;
 #ifdef _SQUID_WIN32_
 
     int WIN32_init_err;
@@ -1197,17 +1197,6 @@ main(int argc, char **argv)
 #endif
 #endif /* HAVE_MALLOPT */
 
-    /*
-     * The plan here is to set the umask to 007 (deny others for
-     * read,write,execute), but only if the umask is not already
-     * set.  Unfortunately, there is no way to get the current
-     * umask value without setting it.
-     */
-    oldmask = umask(S_IRWXO);
-
-    if (oldmask)
-        umask(oldmask);
-
     squid_srandom(time(NULL));
 
     getCurrentTime();
@@ -1281,6 +1270,7 @@ main(int argc, char **argv)
 
             return parse_err;
     }
+    setUmask(Config.umask);
     if (-1 == opt_send_signal)
         if (checkRunningPid())
             exit(1);

diff --git a/src/protos.h b/src/protos.h
index 7d9515d53a530f509d9f82f54fb7a90602e10d5f..5b338ebd68ca28e93c336702667798139d66329c 100644 (file)
--- a/src/protos.h
+++ b/src/protos.h
@@ -694,6 +694,7 @@ SQUIDCEXTERN int xrename(const char *from, const char *to);
 SQUIDCEXTERN int isPowTen(int);
 SQUIDCEXTERN void parseEtcHosts(void);
 SQUIDCEXTERN int getMyPort(void);
+SQUIDCEXTERN void setUmask(mode_t mask);
 
 SQUIDCEXTERN char *strwordtok(char *buf, char **t);
 SQUIDCEXTERN void strwordquote(MemBuf * mb, const char *str);

diff --git a/src/structs.h b/src/structs.h
index 713f65143ef3c77f0dc485b20ca04bb44bcdcca1..9c1352dc061b41f381fc9fbe00e90d9bc73e92a1 100644 (file)
--- a/src/structs.h
+++ b/src/structs.h
@@ -638,6 +638,7 @@ struct SquidConfig
 #endif
 
     char *accept_filter;
+    int umask;
 
 #if USE_LOADABLE_MODULES
     wordlist *loadable_module_names;

diff --git a/src/tools.cc b/src/tools.cc
index ea21c8e27c61389bbd6bc102d8b08cebbb486b62..fde820e4f93da0035d72d55fe0ecb6008567259d 100644 (file)
--- a/src/tools.cc
+++ b/src/tools.cc
@@ -1183,6 +1183,17 @@ getMyPort(void)
     return 0;                  /* NOT REACHED */
 }
 
+/*
+ * Set the umask to at least the given mask. This is in addition
+ * to the umask set at startup
+ */
+void
+setUmask(mode_t mask)
+{
+    // No way to get the current umask value without setting it.
+    static const mode_t orig_umask = umask(mask); // once, to get
+    umask(mask | orig_umask); // always, to set
+}
 
 /*
  * Inverse of strwordtok. Quotes a word if needed