Opened 3 years ago

Closed 3 years ago

#1096 closed defect (fixed)

dav_access user:r is not respected

Reported by: bjacquin@… Owned by:
Priority: minor Milestone:
Component: other Version: 1.11.x
Keywords: Cc: bertrand@…
uname -a: Linux e3 3.18.42-longterm #1 SMP Sun Sep 25 16:38:58 CEST 2016 x86_64 Intel(R) Xeon(R) CPU 5150 @ 2.66GHz GenuineIntel GNU/Linux
nginx -V: nginx version: nginx/1.11.4
built with OpenSSL 1.0.2h 3 May 2016 (running with OpenSSL 1.0.2j 26 Sep 2016)
TLS SNI support enabled
configure arguments: --prefix=/usr --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error_log --pid-path=/run/nginx.pid --lock-path=/run/lock/nginx.lock --with-cc-opt=-I/usr/include --with-ld-opt=-L/usr/lib64 --http-log-path=/var/log/nginx/access_log --http-client-body-temp-path=/var/lib/nginx/tmp/client --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --with-file-aio --with-http_v2_module --with-ipv6 --with-pcre --with-pcre-jit --without-http_browser_module --without-http_empty_gif_module --without-http_geo_module --without-http_limit_req_module --without-http_limit_conn_module --without-http_memcached_module --without-http_proxy_module --without-http_referer_module --without-http_scgi_module --without-http_ssi_module --without-http_split_clients_module --without-http_upstream_hash_module --without-http_upstream_ip_hash_module --without-http_upstream_keepalive_module --without-http_upstream_least_conn_module --without-http_upstream_zone_module --without-http_userid_module --without-http_uwsgi_module --with-http_dav_module --with-http_realip_module --with-http_stub_status_module --with-http_realip_module --add-module=external_module/ngx-fancyindex-0.4.1 --add-module=external_module/ngx_http_auth_pam_module-1.5.1 --add-module=external_module/nginx-rtmp-module-1.1.9 --add-module=external_module/nginx-dav-ext-module-0.0.3 --with-http_ssl_module --without-stream_access_module --without-stream_geo_module --without-stream_limit_conn_module --without-stream_map_module --without-stream_return_module --without-stream_split_clients_module --without-stream_upstream_hash_module --without-stream_upstream_least_conn_module --without-stream_upstream_zone_module --without-mail_imap_module --without-mail_pop3_module --without-mail_smtp_module --user=nginx --group=nginx

Description

Hi,

Configuration including 'dav_access user:r' is not respected, files are created with permission '-rw-------', instead of '-r--------'.
My purpose here is to make sure a file will never be overwritten.

$ cat /etc/nginx/nginx.conf
user nginx nginx;
worker_processes 1;

error_log syslog:server=unix:/dev/log,facility=local7,severity=error info;
pcre_jit on;

events {
  worker_connections 1024;
  use epoll;
}

http {
  disable_symlinks if_not_owner;
  etag off;
  if_modified_since exact;

  server_tokens off;

  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  log_format main
    '$remote_addr - $remote_user [$time_local] '
    '"$request" $status $bytes_sent '
    '"$http_referer" "$http_user_agent" '
    '"$gzip_ratio"';

  client_body_temp_path /var/nginx/tmp;

  index index.html;

  server {
    listen 127.0.0.1:80;

    server_name localhost;

    access_log syslog:server=unix:/dev/log,facility=local7,severity=info  combined;
    error_log  syslog:server=unix:/dev/log,facility=local7,severity=error info;

    root /var/nginx/www-root;

    dav_methods PUT;
    dav_access user:r;

    create_full_put_path on;

    autoindex on;
  }
}
$ curl -T /etc/fstab -D - http://127.0.0.1
HTTP/1.1 100 Continue

HTTP/1.1 204 No Content
Server: nginx
Date: Thu, 06 Oct 2016 00:12:15 GMT
Connection: keep-alive
$ stat /var/nginx/www-root/fstab  
  File: '/var/nginx/www-root/fstab'
  Size: 950             Blocks: 8          IO Block: 4096   regular file
Device: 6811h/26641d    Inode: 3281364     Links: 1
Access: (0600/-rw-------)  Uid: (  1042/nginx)   Gid: (  1042/   nginx)
Access: 2016-10-06 02:12:15.867658907 +0200
Modify: 2016-10-06 02:12:15.867658907 +0200
Change: 2016-10-06 02:12:15.867658907 +0200
 Birth: -

Change History (3)

comment:1 by Maxim Dounin, 3 years ago

Status: newaccepted

Confirmed, ngx_conf_set_access_slot() unconditionally set access mask to 0600 and only extends it then. Try the following patch:

# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1475770303 -10800
#      Thu Oct 06 19:11:43 2016 +0300
# Node ID 4bf4b60684f4e4b02a342b8fb354375e482d7362
# Parent  6980c52f986bc28e4a0e712e1b0fb796c09cf003
Core: ngx_conf_set_access_slot() user access.

Previously, user access bits were always set to "rw" unconditionally,
even with "user:r" explicitly specified.  With this change we only add
default user access bits (0600) if they weren't set explicitly.

diff --git a/src/core/ngx_file.c b/src/core/ngx_file.c
--- a/src/core/ngx_file.c
+++ b/src/core/ngx_file.c
@@ -441,7 +441,7 @@ ngx_conf_set_access_slot(ngx_conf_t *cf,
 
     u_char      *p;
     ngx_str_t   *value;
-    ngx_uint_t   i, right, shift, *access;
+    ngx_uint_t   i, right, shift, *access, user;
 
     access = (ngx_uint_t *) (confp + cmd->offset);
 
@@ -451,7 +451,8 @@ ngx_conf_set_access_slot(ngx_conf_t *cf,
 
     value = cf->args->elts;
 
-    *access = 0600;
+    *access = 0;
+    user = 0600;
 
     for (i = 1; i < cf->args->nelts; i++) {
 
@@ -460,6 +461,7 @@ ngx_conf_set_access_slot(ngx_conf_t *cf,
         if (ngx_strncmp(p, "user:", sizeof("user:") - 1) == 0) {
             shift = 6;
             p += sizeof("user:") - 1;
+            user = 0;
 
         } else if (ngx_strncmp(p, "group:", sizeof("group:") - 1) == 0) {
             shift = 3;
@@ -486,6 +488,8 @@ ngx_conf_set_access_slot(ngx_conf_t *cf,
         *access |= right << shift;
     }
 
+    *access |= user;
+
     return NGX_CONF_OK;
 
 invalid:

comment:2 by Maxim Dounin <mdounin@…>, 3 years ago

In 6730:1606a817c1d4/nginx:

Core: ngx_conf_set_access_slot() user access (ticket #1096).

Previously, user access bits were always set to "rw" unconditionally,
even with "user:r" explicitly specified. With this change we only add
default user access bits (0600) if they weren't set explicitly.

comment:3 by Maxim Dounin, 3 years ago

Resolution: fixed
Status: acceptedclosed

Fix committed, thanks.

Note: See TracTickets for help on using tickets.