mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2025-02-26 07:31:33 +01:00
Code Issues Projects Releases Wiki Activity

Fix permissions logic

Browse source
This commit is contained in:
David Stainton 2014-09-04 22:21:30 +00:00
parent 59e052b896
commit b59fd2efb6
1 changed files with 14 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
src/common/util.c
View file

@ -1988,23 +1988,25 @@ check_private_dir(const char *dirname, cpd_check_t check,
tor_free(process_groupname); tor_free(process_groupname);
return -1; return -1;
} }
if (check & CPD_CHECK_MODE_ONLY) { if (check & (CPD_GROUP_OK|CPD_GROUP_READ)) {
if (check & CPD_GROUP_OK || check & CPD_GROUP_READ) { mask = 0027;
if (!st.st_mode & 0027) {
log_warn(LD_FS, "Incorrect permissions on directory %s a.", dirname);
return -1;
}
}
} else { } else {
log_warn(LD_FS, "Fixing permissions on directory %s", dirname); mask = 0077;
}
if (st.st_mode & mask) {
unsigned new_mode; unsigned new_mode;
new_mode = 0700; if (check & CPD_CHECK_MODE_ONLY) {
if (check & CPD_GROUP_OK) { log_warn(LD_FS, "Permissions on directory %s are too permissive.",
new_mode = 0700; dirname);
return -1;
} }
log_warn(LD_FS, "Fixing permissions on directory %s", dirname);
new_mode = st.st_mode;
new_mode |= 0700; /* Owner should have rwx */
if (check & CPD_GROUP_READ) { if (check & CPD_GROUP_READ) {
new_mode = 0750; new_mode |= 0050; /* Group should have rx */
} }
new_mode &= ~mask; /* Clear the other bits that we didn't want set...*/
if (chmod(dirname, new_mode)) { if (chmod(dirname, new_mode)) {
log_warn(LD_FS, "Could not chmod directory %s: %s", dirname, log_warn(LD_FS, "Could not chmod directory %s: %s", dirname,
strerror(errno)); strerror(errno));