Fix permissions logic

This commit is contained in:
David Stainton 2014-09-04 22:21:30 +00:00
parent 59e052b896
commit b59fd2efb6

View File

@ -1988,23 +1988,25 @@ check_private_dir(const char *dirname, cpd_check_t check,
tor_free(process_groupname);
return -1;
}
if (check & CPD_CHECK_MODE_ONLY) {
if (check & CPD_GROUP_OK || check & CPD_GROUP_READ) {
if (!st.st_mode & 0027) {
log_warn(LD_FS, "Incorrect permissions on directory %s a.", dirname);
return -1;
}
}
if (check & (CPD_GROUP_OK|CPD_GROUP_READ)) {
mask = 0027;
} else {
log_warn(LD_FS, "Fixing permissions on directory %s", dirname);
mask = 0077;
}
if (st.st_mode & mask) {
unsigned new_mode;
new_mode = 0700;
if (check & CPD_GROUP_OK) {
new_mode = 0700;
if (check & CPD_CHECK_MODE_ONLY) {
log_warn(LD_FS, "Permissions on directory %s are too permissive.",
dirname);
return -1;
}
log_warn(LD_FS, "Fixing permissions on directory %s", dirname);
new_mode = st.st_mode;
new_mode |= 0700; /* Owner should have rwx */
if (check & CPD_GROUP_READ) {
new_mode = 0750;
new_mode |= 0050; /* Group should have rx */
}
new_mode &= ~mask; /* Clear the other bits that we didn't want set...*/
if (chmod(dirname, new_mode)) {
log_warn(LD_FS, "Could not chmod directory %s: %s", dirname,
strerror(errno));