*) mod_md: Explicitly setting file permissions to break out of umasks. We want our

non-privilegded apache user to be able to read them. See github issue <https://github.com/icing/mod_md/issues/117>. [Stefan Eissing] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1855777 13f79535-47bb-0310-9956-ffa450edef68
author: Stefan Eissing <icing@apache.org> 2019-03-18 17:05:04 +0100
committer: Stefan Eissing <icing@apache.org> 2019-03-18 17:05:04 +0100
commit: 2a412fcd1eed37c893fe9fe7e4c4ccec25d906ad (patch)
tree: 2d128241d0adf31adf2034057acf58c5f22cd4df /modules/md
parent: rephrase MimeOptions description (diff)
download: apache2-2a412fcd1eed37c893fe9fe7e4c4ccec25d906ad.tar.xz
apache2-2a412fcd1eed37c893fe9fe7e4c4ccec25d906ad.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/md/md_util.c b/modules/md/md_util.c
index 4e97d92bd3..12b7dd6da1 100644
--- a/modules/md/md_util.c
+++ b/modules/md/md_util.c
@@ -312,6 +312,13 @@ apr_status_t md_text_fcreatex(const char *fpath, apr_fileperms_t perms,
     if (APR_SUCCESS == rv) {
         rv = write_text((void*)text, f, p);
         apr_file_close(f);
+        /* See <https://github.com/icing/mod_md/issues/117>: when a umask
+         * is set, files need to be assigned permissions explicitly.
+         * Otherwise, as in the issues reported, it will break our access model. */
+        rv = apr_file_perms_set(fpath, perms);
+        if (APR_STATUS_IS_ENOTIMPL(rv)) {
+            rv = APR_SUCCESS;
+        }
     }
     return rv;
 }
author	Stefan Eissing <icing@apache.org>	2019-03-18 17:05:04 +0100
committer	Stefan Eissing <icing@apache.org>	2019-03-18 17:05:04 +0100
commit	2a412fcd1eed37c893fe9fe7e4c4ccec25d906ad (patch)
tree	2d128241d0adf31adf2034057acf58c5f22cd4df /modules/md
parent	rephrase MimeOptions description (diff)
download	apache2-2a412fcd1eed37c893fe9fe7e4c4ccec25d906ad.tar.xz apache2-2a412fcd1eed37c893fe9fe7e4c4ccec25d906ad.zip