From df4137baee2fa3e3448603a0e3c8c74d722adb2c Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Tue, 20 Jul 2021 09:34:59 +0200
Subject: [PATCH] * Filemanager/VFS: when creating a new file as root eg. via (docker exec) filemanager/cli.php do NOT create files unreadable by webserver
---
 api/src/Vfs/Sqlfs/StreamWrapper.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/api/src/Vfs/Sqlfs/StreamWrapper.php b/api/src/Vfs/Sqlfs/StreamWrapper.php
index ac93cd527f..a7c62e71b9 100644
--- a/api/src/Vfs/Sqlfs/StreamWrapper.php
+++ b/api/src/Vfs/Sqlfs/StreamWrapper.php
@@ -254,10 +254,11 @@ class StreamWrapper extends Api\Db\Pdo implements Vfs\StreamWrapperIface
 {
 $umaskbefore = umask();
 if (self::LOG_LEVEL > 1) error_log(__METHOD__." about to call mkdir for $fs_dir # Present UMASK:".decoct($umaskbefore)." called from:".function_backtrace());
- self::mkdir_recursive($fs_dir,0700,true);
+ // if running as root eg. via (docker exec) filemanager/cli.php do NOT create dirs not readable by webserver
+ self::mkdir_recursive($fs_dir,function_exists('posix_getuid') && !posix_getuid() ? 0777 : 0700,true);
 }
 }
- // check if opend file is a directory
+ // check if opened file is a directory
 elseif($stat && ($stat['mode'] & self::MODE_DIR) == self::MODE_DIR)
 {
 if (self::LOG_LEVEL) error_log(__METHOD__."($url,$mode,$options) Is a directory!");
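Review bot: The root branch of the `mkdir_recursive()` call widens new storage directories from 0700 to 0777, so (subject to the process umask) every local account can list, create and replace entries in the VFS backing store, not only the webserver. A narrower way to reach the stated goal is to keep the restrictive mode and hand the directory to the webserver's user or group after creation, or at most use a group-scoped mode such as 0770. The test `!posix_getuid()` reads the real uid, while ownership of created files follows the effective uid; `posix_geteuid() === 0` matches what is being decided here and avoids the loose boolean cast. The enclosing method and the `if` blocks closed here start outside the hunk.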
@@ -308,6 +309,11 @@ class StreamWrapper extends Api\Db\Pdo implements Vfs\StreamWrapperIface
 if ($this->operation == self::STORE2FS)
 {
 if (self::LOG_LEVEL > 1) error_log(__METHOD__." fopen (may create a directory? mkdir) ($this->opened_fs_id,$mode,$options)");
+ // if creating a new file as root eg. via (docker exec) filemanager/cli.php do NOT create files unreadable by webserver
+ if ($new_file && function_exists('posix_getuid') && !posix_getuid())
+ {
+ umask(0666);
+ }
 if (!($this->opened_stream = fopen(self::_fs_path($this->opened_fs_id),$mode)) && $new_file)
 {
 // delete db entry again, if we are not able to open a new(!) file
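Review bot: `umask(0666)` in the added root branch masks out the read/write bits instead of granting them: fopen() creates a file with 0666 & ~umask, so a new file ends up mode 0000, which is the opposite of what the comment describes. The call also changes the process-wide umask and nothing in the visible lines restores it, so later files and the `mkdir_recursive()` call of the earlier hunk would inherit the mask in a long-running CLI run; restoration may exist outside the hunk. I would save and restore it around the fopen, `$old_umask = umask(0022);` before and `umask($old_umask);` after, with the mask chosen for the mode actually wanted (0022 gives 0644). If the webserver must also write these files, changing the owner of the new file to the webserver account is tighter than a world-writable mode. The enclosing method starts and ends outside the hunk.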