From: Jeff King <peff@peff.net>
To: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Cc: Junio C Hamano <gitster@pobox.com>, git@vger.kernel.org
Subject: [PATCH 2/2] update-server-info: create info/* with mode 0666
Date: Mon, 5 Jan 2015 22:50:49 -0500
Message-ID: <20150106035048.GB20087@peff.net>
In-Reply-To: <20150106034702.GA11503@peff.net>
Prior to d38379e (make update-server-info more robust,
2014-09-13), we used a straight "fopen" to create the
info/refs and objects/info/packs files, which creates the
file using mode 0666 (less the default umask).

In d38379e, we switched to creating the file with mkstemp
to get a unique filename. But mkstemp also uses the more
restrictive 0600 mode to create the file. This was an
unintended side effect that we did not want, and causes
problems when the repository is served by a different user
than the one running update-server-info (it is no longer
readable by a dumb http server running as `www`, for
example).

We can fix this by using git_mkstemp_mode and specifying
0666. Note that we could also say "just use
core.sharedrepository", as we do call adjust_shared_perm
on the result before renaming it into place. But that is
not very friendly. The shared-repo config is usually about
making things _writable_ for other users. Until d38379e,
there was no explicit config needed to serve an otherwise
readable repository, and we should consider it a
regression.

Signed-off-by: Jeff King <peff@peff.net>
---
server-info.c | 2 +-
t/t1301-shared-repo.sh | 10 ++++++++++
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/server-info.c b/server-info.c
index 31f4a74..34b0253 100644
--- a/server-info.c
+++ b/server-info.c
@@ -17,7 +17,7 @@ static int update_info_file(char *path, int (*generate)(FILE *))
FILE *fp = NULL;
safe_create_leading_directories(path);
- fd = mkstemp(tmp);
+ fd = git_mkstemp_mode(tmp, 0666);
if (fd < 0)
goto out;
fp = fdopen(fd, "w");
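Review bot: The 0666 passed to git_mkstemp_mode() in update_info_file() is a deliberate relaxation of mkstemp's 0600, but nothing at the call site says so, which leaves it open to a later "tighten temp file permissions" cleanup that would bring the regression back. A short comment above the call would help, saying that these files must stay readable by a server running as another user and that adjust_shared_perm is still applied before the rename, as the commit message notes. The file is also readable under its temporary name while it is being written; that is acceptable only because the content is the same data later published as info/refs and objects/info/packs, and the comment could state that too.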
diff --git a/t/t1301-shared-repo.sh b/t/t1301-shared-repo.sh
index 86ed901..feff55e 100755
--- a/t/t1301-shared-repo.sh
+++ b/t/t1301-shared-repo.sh
@@ -111,6 +111,16 @@ do
done
+test_expect_success POSIXPERM 'info/refs is readable in unshared repo' '
+ rm -f .git/info/refs &&
+ test_unconfig core.sharedrepository &&
+ umask 002 &&
+ git update-server-info &&
+ echo "-rw-rw-r--" >expect &&
+ modebits .git/info/refs >actual &&
+ test_cmp expect actual
+'
+
test_expect_success POSIXPERM 'git reflog expire honors core.sharedRepository' '
umask 077 &&
git config core.sharedRepository group &&
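Review bot: The new test checks only .git/info/refs, while the commit message says objects/info/packs is created through the same path; a second comparison using "modebits .git/objects/info/packs" (with that file removed first, as is done for info/refs) would cover both. The test also runs under a single permissive umask, 002. A companion case with "umask 077" expecting "-rw-------" would pin down that the 0666 request is still reduced by the umask, so a deliberately restrictive setup is not opened up by this change.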
--
2.2.1.425.g441bb3c
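The mode difference described in the commit message, as an added example that is not part of the original patch and is not git's code: it compares a file created with fopen, one created with mkstemp, and a mkstemp file widened to the requested mode less the umask. The helper names and the /tmp template are assumptions, and fchmod after mkstemp is a stand-in used here for illustration, not a description of how git_mkstemp_mode is implemented.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of an open descriptor, or -1 on error. */
static int fd_mode(int fd)
{
	struct stat st;
	return fstat(fd, &st) < 0 ? -1 : (int)(st.st_mode & 07777);
}

/* Mode of a file created with plain fopen(): 0666 less the umask. */
int mode_via_fopen(void)
{
	char dir[] = "/tmp/info-demo-XXXXXX", path[64];
	FILE *fp;
	int mode;
	if (!mkdtemp(dir)) return -1;	/* private directory for a unique path */
	snprintf(path, sizeof(path), "%s/refs", dir);
	fp = fopen(path, "w");
	mode = fp ? fd_mode(fileno(fp)) : -1;
	if (fp) fclose(fp);
	unlink(path);
	rmdir(dir);
	return mode;
}

/* mkstemp() requests 0600, so group/other bits are never set; widen applies want less umask. */
int mode_via_mkstemp(int widen, mode_t want)
{
	char tmp[] = "/tmp/info-demo-XXXXXX";
	int fd = mkstemp(tmp), mode;
	mode_t mask = umask(0);
	umask(mask);	/* the umask can only be read by setting it; restore at once */
	if (fd < 0) return -1;
	mode = (widen && fchmod(fd, want & ~mask) < 0) ? -1 : fd_mode(fd);
	close(fd);
	unlink(tmp);
	return mode;
}

int main(void)
{
	umask(002);	/* same umask as the test in the patch */
	printf("fopen %04o, mkstemp %04o, widened %04o\n", (unsigned)mode_via_fopen(),
	       (unsigned)mode_via_mkstemp(0, 0666), (unsigned)mode_via_mkstemp(1, 0666));
}
```

Under umask 002 the widened file ends up 0664, matching the "-rw-rw-r--" the patch's test expects, while a umask of 077 still yields 0600.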