authorDominic Cleal <dcleal@redhat.com>2012-08-11 19:39:14 (GMT)
committerDominic Cleal <dcleal@redhat.com>2012-08-11 21:00:05 (GMT)
commit051c73a9a7ffe9e525f6f0a1b8f5198ff8cc6752 (patch)
treee462141f28b1cb4afbbba474484962d72dcba3af
parent64244e867cd979435218a72a325c12fc2e477ab3 (diff)
Fix regression in permissions of created files
Commit 16387744 changed temporary file creation to use mkstemp, resulting in new files being created with 0600 permissions. For brand new files created through Augeas, their permissions stayed at 0600 rather than being set by the umask as before. * src/transform.c (transform_save): chmod after creating new files to permissions implied by the umask
-rw-r--r--src/transform.c10
-rwxr-xr-xtests/test-preserve.sh15
2 files changed, 24 insertions, 1 deletions
diff --git a/src/transform.c b/src/transform.c
index a3acd10..1ca3d5f 100644
--- a/src/transform.c
+++ b/src/transform.c
@@ -1096,6 +1096,16 @@ int transform_save(struct augeas *aug, struct tree *xfm,
err_status = "xfer_attrs";
goto done;
}
+ } else {
+ /* Since mkstemp is used, the temp file will have secure permissions
+ * instead of those implied by umask, so change them for new files */
+ mode_t curumsk = umask(022);
+ umask(curumsk);
+
+ if (fchmod(fileno(fp), 0666 - curumsk) < 0) {
+ err_status = "create_chmod";
+ return -1;
+ }
}
if (tree != NULL)
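Review bot: `0666 - curumsk` in the added `fchmod` call is arithmetic subtraction rather than a bit mask, so it only yields the right mode when every bit set in the umask is also set in 0666. With a umask that carries execute bits, such as 077, the result is 0567, which gives others read, write and execute on the newly created file; `fchmod(fileno(fp), 0666 & ~curumsk)` produces the mode the comment describes. The failure branch uses `return -1` where the xfer_attrs branch just above uses `goto done`, so it presumably skips the cleanup and error reporting behind that label (outside this hunk, as is the rest of transform_save); `goto done;` would match. The `umask(022)` / `umask(curumsk)` pair also changes the process-wide umask for a moment, which another thread creating files in that window would pick up.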
diff --git a/tests/test-preserve.sh b/tests/test-preserve.sh
index 042dab9..9719ac6 100755
--- a/tests/test-preserve.sh
+++ b/tests/test-preserve.sh
@@ -59,9 +59,12 @@ if [ $selinux = yes -a xetc_t != "x$act_con" ] ; then
exit 1
fi
-# Check that we create new files without error
+# Check that we create new files without error and with permissions implied
+# from the umask
init_dirs
+oldumask=$(umask)
+umask 0002
$AUGTOOL > /dev/null <<EOF
set /files/etc/hosts/1/ipaddr 127.0.0.1
set /files/etc/hosts/1/canonical host.example.com
@@ -71,6 +74,16 @@ if [ $? != 0 ] ; then
echo "augtool failed on new file"
exit 1
fi
+if [ ! -e $hosts ]; then
+ echo "augtool didn't create new /etc/hosts file"
+ exit 1
+fi
+act_mode=$(ls -l $hosts | cut -b 1-10)
+if [ x-rw-rw-r-- != "x$act_mode" ] ; then
+ echo "Expected mode 0664 due to $(umask) umask but got $act_mode"
+ exit 1
+fi
+umask $oldumask
# Check that we create new files without error when backups are requested
init_dirs
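Review bot: The mode check added here runs only under `umask 0002`, a value for which subtracting the umask from 0666 and masking it off give the same answer, so it cannot detect a wrong mode calculation in transform_save. A second pass under a restrictive umask with execute bits set, for example `umask 0077` with an expected `-rw-------`, would pin the case that matters for file confidentiality. `$hosts` is unquoted in `[ ! -e $hosts ]` and `ls -l $hosts`; `"$hosts"` is safer if the test root ever contains spaces.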