* Filemanager/VFS: when creating a new file as root eg. via (docker exec) filemanager/cli.php do NOT create files unreadable by webserver

Ralf Becker 2021-07-20 09:34:59 +02:00
parent fdaac697e2
commit 10c24c1830


@ -254,10 +254,11 @@ class StreamWrapper extends Api\Db\Pdo implements Vfs\StreamWrapperIface
{ {
$umaskbefore = umask(); $umaskbefore = umask();
if (self::LOG_LEVEL > 1) error_log(__METHOD__." about to call mkdir for $fs_dir # Present UMASK:".decoct($umaskbefore)." called from:".function_backtrace()); if (self::LOG_LEVEL > 1) error_log(__METHOD__." about to call mkdir for $fs_dir # Present UMASK:".decoct($umaskbefore)." called from:".function_backtrace());
self::mkdir_recursive($fs_dir,0700,true); // if running as root eg. via (docker exec) filemanager/cli.php do NOT create dirs not readable by webserver
self::mkdir_recursive($fs_dir,function_exists('posix_getuid') && !posix_getuid() ? 0777 : 0700,true);
} }
} }
// check if opend file is a directory // check if opened file is a directory
elseif($stat && ($stat['mode'] & self::MODE_DIR) == self::MODE_DIR) elseif($stat && ($stat['mode'] & self::MODE_DIR) == self::MODE_DIR)
{ {
if (self::LOG_LEVEL) error_log(__METHOD__."($url,$mode,$options) Is a directory!"); if (self::LOG_LEVEL) error_log(__METHOD__."($url,$mode,$options) Is a directory!");
@ -308,6 +309,11 @@ class StreamWrapper extends Api\Db\Pdo implements Vfs\StreamWrapperIface
if ($this->operation == self::STORE2FS) if ($this->operation == self::STORE2FS)
{ {
if (self::LOG_LEVEL > 1) error_log(__METHOD__." fopen (may create a directory? mkdir) ($this->opened_fs_id,$mode,$options)"); if (self::LOG_LEVEL > 1) error_log(__METHOD__." fopen (may create a directory? mkdir) ($this->opened_fs_id,$mode,$options)");
// if creating a new file as root eg. via (docker exec) filemanager/cli.php do NOT create files unreadable by webserver
if ($new_file && function_exists('posix_getuid') && !posix_getuid())
{
umask(0666);
}
if (!($this->opened_stream = fopen(self::_fs_path($this->opened_fs_id),$mode)) && $new_file) if (!($this->opened_stream = fopen(self::_fs_path($this->opened_fs_id),$mode)) && $new_file)
{ {
// delete db entry again, if we are not able to open a new(!) file // delete db entry again, if we are not able to open a new(!) file
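Review bot: `umask(0666)` in the second hunk does the opposite of what the comment above it says: umask bits are cleared from the creation mode, so a file that fopen() creates under this mask gets mode 0000 and the webserver cannot read it. A mask that keeps the read bits and is restored afterwards would match the intent, e.g. `$old_umask = umask(0022);` before the fopen() and `umask($old_umask);` after it (a looser mask only if the webserver must also write to the file). No restore is visible in this hunk and the enclosing method continues outside it, so the changed process-wide umask may also affect later file creations in the same run. In the first hunk, `0777` makes directories created as root world-writable, subject to the umask in effect, which is broader than "readable by webserver"; handing ownership to the webserver account, where the deployment knows it, would be the narrower fix.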