oddjob

Clone
Source Code
GIT

b800e25 Always set the home directory permissions according to HOME_MODE

Authored and Committed by casantos 4 months ago
raw patch tree parent
1 file changed. 21 lines added. 24 lines removed.
src/mkhomedir.c
file modified
+21 -24 
    Always set the home directory permissions according to HOME_MODE
    
    Currently the home directory permissions are set by taking the /etc/skel
    mode and masking it with HOME_MODE:
    
        override_umask = 0777 & ~get_umask(&configured_umask, "HOME_MODE");
        stat(skel, &sb); /* performed by nftw() */
        oddjob_selinux_mkdir(newpath, sb->st_mode & ~override_umask, uid, gid);
    
    The problem is that when HOME_MODE is more permissive than /etc/skel,
    the masking will not produce the desired result, e.g.
    
        skel_mode = 0755
        HOME_MODE = 0775
        override_umask = 0777 & ~HOME_MODE /* 0002 */
        mode = skel_mode & ~override_umask /* 0755 & 0775 = 0755 */
    
    In order to fix the problem, always use 0777 & ~override_umask for the
    top home directory.
    
    Signed-off-by: Carlos Santos <casantos@redhat.com>
    Fixes: https://pagure.io/oddjob/issue/17
file modified
+21 -24
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.