You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
77 lines
2.4 KiB
77 lines
2.4 KiB
11 years ago
|
From 051c73a9a7ffe9e525f6f0a1b8f5198ff8cc6752 Mon Sep 17 00:00:00 2001
|
||
|
From: Dominic Cleal <dcleal@redhat.com>
|
||
|
Date: Sat, 11 Aug 2012 20:39:14 +0100
|
||
|
Subject: [PATCH] Fix regression in permissions of created files
|
||
|
|
||
|
Commit 16387744 changed temporary file creation to use mkstemp, resulting in
|
||
|
new files being created with 0600 permissions. For brand new files created
|
||
|
through Augeas, their permissions stayed at 0600 rather than being set by the
|
||
|
umask as before.
|
||
|
|
||
|
* src/transform.c (transform_save): chmod after creating new files to
|
||
|
permissions implied by the umask
|
||
|
---
|
||
|
src/transform.c | 10 ++++++++++
|
||
|
tests/test-preserve.sh | 15 ++++++++++++++-
|
||
|
2 files changed, 24 insertions(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/src/transform.c b/src/transform.c
|
||
|
index a3acd10..1ca3d5f 100644
|
||
|
--- a/src/transform.c
|
||
|
+++ b/src/transform.c
|
||
|
@@ -1096,6 +1096,16 @@ int transform_save(struct augeas *aug, struct tree *xfm,
|
||
|
err_status = "xfer_attrs";
|
||
|
goto done;
|
||
|
}
|
||
|
+ } else {
|
||
|
+ /* Since mkstemp is used, the temp file will have secure permissions
|
||
|
+ * instead of those implied by umask, so change them for new files */
|
||
|
+ mode_t curumsk = umask(022);
|
||
|
+ umask(curumsk);
|
||
|
+
|
||
|
+ if (fchmod(fileno(fp), 0666 - curumsk) < 0) {
|
||
|
+ err_status = "create_chmod";
|
||
|
+ return -1;
|
||
|
+ }
|
||
|
}
|
||
|
|
||
|
if (tree != NULL)
|
||
|
diff --git a/tests/test-preserve.sh b/tests/test-preserve.sh
|
||
|
index 042dab9..9719ac6 100755
|
||
|
--- a/tests/test-preserve.sh
|
||
|
+++ b/tests/test-preserve.sh
|
||
|
@@ -59,9 +59,12 @@ if [ $selinux = yes -a xetc_t != "x$act_con" ] ; then
|
||
|
exit 1
|
||
|
fi
|
||
|
|
||
|
-# Check that we create new files without error
|
||
|
+# Check that we create new files without error and with permissions implied
|
||
|
+# from the umask
|
||
|
init_dirs
|
||
|
|
||
|
+oldumask=$(umask)
|
||
|
+umask 0002
|
||
|
$AUGTOOL > /dev/null <<EOF
|
||
|
set /files/etc/hosts/1/ipaddr 127.0.0.1
|
||
|
set /files/etc/hosts/1/canonical host.example.com
|
||
|
@@ -71,6 +74,16 @@ if [ $? != 0 ] ; then
|
||
|
echo "augtool failed on new file"
|
||
|
exit 1
|
||
|
fi
|
||
|
+if [ ! -e $hosts ]; then
|
||
|
+ echo "augtool didn't create new /etc/hosts file"
|
||
|
+ exit 1
|
||
|
+fi
|
||
|
+act_mode=$(ls -l $hosts | cut -b 1-10)
|
||
|
+if [ x-rw-rw-r-- != "x$act_mode" ] ; then
|
||
|
+ echo "Expected mode 0664 due to $(umask) umask but got $act_mode"
|
||
|
+ exit 1
|
||
|
+fi
|
||
|
+umask $oldumask
|
||
|
|
||
|
# Check that we create new files without error when backups are requested
|
||
|
init_dirs
|
||
|
--
|
||
|
1.8.5.1
|
||
|
|