*) Another tackle at <icing#117>, explicitly setting

specified permissions on all files created in md store.
tlhackque · Mar 21, 2019 · e1fe1e8 · e1fe1e8
1 parent fade73f
commit e1fe1e8
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 5 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,8 @@
+v1.1.19
+----------------------------------------------------------------------------------------------------
+  *) Another tackle at <https://github.com/icing/mod_md/issues/117>, explicitly setting
+     specified permissions on all files created in md store.
+
 v1.1.18
 ----------------------------------------------------------------------------------------------------
   *) Explicitly setting file permissions to break out of umasks. We want our

diff --git a/configure.ac b/configure.ac
@@ -14,7 +14,7 @@
 #
 
 AC_PREREQ([2.69])
-AC_INIT([mod_md], [1.1.18], [stefan.eissing@greenbytes.de])
+AC_INIT([mod_md], [1.1.19], [stefan.eissing@greenbytes.de])
 
 LT_PREREQ([2.2.6])
 LT_INIT()

diff --git a/src/md_util.c b/src/md_util.c
@@ -194,8 +194,17 @@ apr_status_t md_util_fopen(FILE **pf, const char *fn, const char *mode)
 apr_status_t md_util_fcreatex(apr_file_t **pf, const char *fn, 
                               apr_fileperms_t perms, apr_pool_t *p)
 {
-    return apr_file_open(pf, fn, (APR_FOPEN_WRITE|APR_FOPEN_CREATE|APR_FOPEN_EXCL),
-                         perms, p);
+    apr_status_t rv;
+    rv = apr_file_open(pf, fn, (APR_FOPEN_WRITE|APR_FOPEN_CREATE|APR_FOPEN_EXCL),
+                       perms, p);
+    if (APR_SUCCESS == rv) {
+        /* See <https://github.com/icing/mod_md/issues/117>
+         * Some people set umask 007 to deny all world read/writability to files
+         * created by apache. While this is a noble effort, we need the store files
+         * to have the permissions as specified. */
+        rv = apr_file_perms_set(fn, perms);
+    }
+    return rv;
 }
 
 apr_status_t md_util_is_dir(const char *path, apr_pool_t *pool)

diff --git a/src/md_version.h b/src/md_version.h
@@ -27,15 +27,15 @@
  * @macro
  * Version number of the md module as c string
  */
-#define MOD_MD_VERSION "1.1.18-git"
+#define MOD_MD_VERSION "1.1.19-git"
 
 /**
  * @macro
  * Numerical representation of the version number of the md module
  * release. This is a 24 bit number with 8 bits for major number, 8 bits
  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
  */
-#define MOD_MD_VERSION_NUM 0x010112
+#define MOD_MD_VERSION_NUM 0x010113
 
 #define MD_ACME_DEF_URL    "https://acme-v01.api.letsencrypt.org/directory"