|
@@ -1888,7 +1888,6 @@ check_private_dir(const char *dirname, cpd_check_t check,
|
|
|
struct stat st;
|
|
|
char *f;
|
|
|
#ifndef _WIN32
|
|
|
- int mask;
|
|
|
const struct passwd *pw = NULL;
|
|
|
uid_t running_uid;
|
|
|
gid_t running_gid;
|
|
@@ -1986,22 +1985,20 @@ check_private_dir(const char *dirname, cpd_check_t check,
|
|
|
tor_free(process_groupname);
|
|
|
return -1;
|
|
|
}
|
|
|
- if (check & (CPD_GROUP_OK|CPD_GROUP_READ)) {
|
|
|
- mask = 0027;
|
|
|
- } else {
|
|
|
- mask = 0077;
|
|
|
- }
|
|
|
- if (st.st_mode & mask) {
|
|
|
- unsigned new_mode;
|
|
|
- if (check & CPD_CHECK_MODE_ONLY) {
|
|
|
+ if (check & CPD_CHECK_MODE_ONLY) {
|
|
|
+ if (st.st_mode & 0077) {
|
|
|
log_warn(LD_FS, "Permissions on directory %s are too permissive.",
|
|
|
dirname);
|
|
|
return -1;
|
|
|
}
|
|
|
+ } else {
|
|
|
log_warn(LD_FS, "Fixing permissions on directory %s", dirname);
|
|
|
- new_mode = st.st_mode;
|
|
|
- new_mode |= 0700; /* Owner should have rwx */
|
|
|
- new_mode &= ~mask; /* Clear the other bits that we didn't want set...*/
|
|
|
+ unsigned new_mode;
|
|
|
+ if (check & CPD_GROUP_READ) {
|
|
|
+ new_mode = 0750;
|
|
|
+ } else {
|
|
|
+ new_mode = 0700;
|
|
|
+ }
|
|
|
if (chmod(dirname, new_mode)) {
|
|
|
log_warn(LD_FS, "Could not chmod directory %s: %s", dirname,
|
|
|
strerror(errno));
|
|
@@ -2010,6 +2007,7 @@ check_private_dir(const char *dirname, cpd_check_t check,
|
|
|
return 0;
|
|
|
}
|
|
|
}
|
|
|
+
|
|
|
#endif
|
|
|
return 0;
|
|
|
}
|