commit b59fd2efb61e0b6def3fdbf4b8e359acc852776c Author: David Stainton dstainton415@gmail.com Date: Thu Sep 4 22:21:30 2014 +0000
Fix permissions logic --- src/common/util.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/src/common/util.c b/src/common/util.c index 3f04932..bf00270 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -1988,23 +1988,25 @@ check_private_dir(const char *dirname, cpd_check_t check, tor_free(process_groupname); return -1; } - if (check & CPD_CHECK_MODE_ONLY) { - if (check & CPD_GROUP_OK || check & CPD_GROUP_READ) { - if (!st.st_mode & 0027) { - log_warn(LD_FS, "Incorrect permissions on directory %s a.", dirname); - return -1; - } - } + if (check & (CPD_GROUP_OK|CPD_GROUP_READ)) { + mask = 0027; } else { - log_warn(LD_FS, "Fixing permissions on directory %s", dirname); + mask = 0077; + } + if (st.st_mode & mask) { unsigned new_mode; - new_mode = 0700; - if (check & CPD_GROUP_OK) { - new_mode = 0700; + if (check & CPD_CHECK_MODE_ONLY) { + log_warn(LD_FS, "Permissions on directory %s are too permissive.", + dirname); + return -1; } + log_warn(LD_FS, "Fixing permissions on directory %s", dirname); + new_mode = st.st_mode; + new_mode |= 0700; /* Owner should have rwx */ if (check & CPD_GROUP_READ) { - new_mode = 0750; + new_mode |= 0050; /* Group should have rx */ } + new_mode &= ~mask; /* Clear the other bits that we didn't want set...*/ if (chmod(dirname, new_mode)) { log_warn(LD_FS, "Could not chmod directory %s: %s", dirname, strerror(errno));