From d241d2f153753c61c32d49cf0787cb01dfe2c810 Mon Sep 17 00:00:00 2001 From: Lars Erik Wik Date: Tue, 15 Jul 2025 13:51:02 +0200 Subject: [PATCH] Fixed bug where remote file copy always preserves source perms Remote file copy with the 'copy_from' attribute now only preserves source file permissions if the 'preserve' attribute in 'body copy_from' is true. Otherwise it will use the permissions of the destination file if it already exists and default permissions if it does not. Ticket: ENT-11988 Changelog: Commit Signed-off-by: Lars Erik Wik (cherry picked from commit e2021b555f62197e6a112ee09e5af23ee4a68b6f) --- cf-agent/verify_files_utils.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/cf-agent/verify_files_utils.c b/cf-agent/verify_files_utils.c index 84115f997f..440f7cd97c 100644 --- a/cf-agent/verify_files_utils.c +++ b/cf-agent/verify_files_utils.c @@ -22,6 +22,7 @@ included file COSL.txt. */ +#include #include #include @@ -1551,8 +1552,25 @@ bool CopyRegularFile(EvalContext *ctx, const char *source, const char *dest, con return false; } + /* Use perms from source file if preserve is true, otherwise use perms + * of destination file if it exists, otherwise use default perms. */ + mode_t mode; + if (attr->copy.preserve) + { + mode = sstat->st_mode; + } + else if (dest_exists) + { + mode = dest_stat.st_mode; + } + else + { + mode = CF_PERMS_DEFAULT; + } + mode &= 0777; /* Never preserve SUID bit */ + if (!CopyRegularFileNet(source, ToChangesPath(new), - sstat->st_size, attr->copy.encrypt, conn, sstat->st_mode)) + sstat->st_size, attr->copy.encrypt, conn, mode)) { RecordFailure(ctx, pp, attr, "Failed to copy file '%s' from '%s'", source, conn->remoteip);