From fabe6a500629eb0810e535bb41d49b8f493056e9 Mon Sep 17 00:00:00 2001 From: default Date: Tue, 7 Feb 2023 09:01:57 +0100 Subject: [PATCH] Tweaked user and group permissions for new files and dirs. --- data.c | 4 ++-- main.c | 5 +++++ snac.c | 2 +- snac.h | 2 ++ upgrade.c | 10 +++++----- utils.c | 12 ++++++------ 6 files changed, 21 insertions(+), 14 deletions(-) diff --git a/data.c b/data.c index ad5304a..7b57003 100644 --- a/data.c +++ b/data.c @@ -88,7 +88,7 @@ int srv_open(char *basedir, int auto_upgrade) /* create the queue/ subdir, just in case */ xs *qdir = xs_fmt("%s/queue", srv_basedir); - mkdir(qdir, 0755); + mkdir(qdir, DIR_PERM); #ifdef __OpenBSD__ char *v = xs_dict_get(srv_config, "disable_openbsd_security"); @@ -434,7 +434,7 @@ d_char *_object_fn_by_md5(const char *md5) { xs *bfn = xs_fmt("%s/object/%c%c", srv_basedir, md5[0], md5[1]); - mkdir(bfn, 0755); + mkdir(bfn, DIR_PERM); return xs_fmt("%s/%s.json", bfn, md5); } diff --git a/main.c b/main.c index fbb16b4..4f9722b 100644 --- a/main.c +++ b/main.c @@ -8,6 +8,8 @@ #include "snac.h" +#include + int usage(void) { printf("snac " VERSION " - A simple, minimalistic ActivityPub instance\n"); @@ -55,6 +57,9 @@ int main(int argc, char *argv[]) int argi = 1; snac snac; + /* ensure group has write access */ + umask(0007); + if ((cmd = GET_ARGV()) == NULL) return usage(); diff --git a/snac.c b/snac.c index c15a74a..3cf146a 100644 --- a/snac.c +++ b/snac.c @@ -149,7 +149,7 @@ void srv_archive(const char *direction, xs_dict *req, xs *dir = xs_fmt("%s/archive/%s_%s", srv_basedir, date, direction); FILE *f; - if (mkdir(dir, 0755) != -1) { + if (mkdir(dir, DIR_PERM) != -1) { xs *meta_fn = xs_fmt("%s/_META", dir); if ((f = fopen(meta_fn, "w")) != NULL) { diff --git a/snac.h b/snac.h index da964ab..ab8bf3a 100644 --- a/snac.h +++ b/snac.h @@ -5,6 +5,8 @@ #define USER_AGENT "snac/" VERSION +#define DIR_PERM 02770 + extern double disk_layout; extern d_char *srv_basedir; extern d_char *srv_config; diff --git a/upgrade.c b/upgrade.c index 1b735c2..639dcda 100644 --- a/upgrade.c +++ b/upgrade.c @@ -36,7 +36,7 @@ int snac_upgrade(xs_str **error) else if (f < 2.1) { xs *dir = xs_fmt("%s/object", srv_basedir); - mkdir(dir, 0755); + mkdir(dir, DIR_PERM); nf = 2.1; } @@ -61,7 +61,7 @@ int snac_upgrade(xs_str **error) xs *dir = xs_fmt("%s/object/%c%c", srv_basedir, b[0], b[1]); xs *nfn = xs_fmt("%s/%s", dir, b); - mkdir(dir, 0755); + mkdir(dir, DIR_PERM); rename(fn, nfn); } @@ -88,7 +88,7 @@ int snac_upgrade(xs_str **error) xs *dir = xs_fmt("%s/hidden", snac.basedir); /* create the hidden directory */ - mkdir(dir, 0755); + mkdir(dir, DIR_PERM); /* rename all muted files incorrectly named .json */ xs *spec = xs_fmt("%s/muted/" "*.json", snac.basedir); @@ -117,10 +117,10 @@ int snac_upgrade(xs_str **error) if (user_open(&snac, v)) { xs *dir = xs_fmt("%s/public", snac.basedir); - mkdir(dir, 0755); + mkdir(dir, DIR_PERM); dir = xs_replace_i(dir, "public", "private"); - mkdir(dir, 0755); + mkdir(dir, DIR_PERM); user_free(&snac); } diff --git a/utils.c b/utils.c index 11b0799..48b2e74 100644 --- a/utils.c +++ b/utils.c @@ -143,19 +143,19 @@ int snac_init(const char *basedir) } } - if (mkdir(srv_basedir, 0755) == -1) { + if (mkdir(srv_basedir, 0775) == -1) { printf("ERROR: cannot create directory '%s'\n", srv_basedir); return 1; } xs *udir = xs_fmt("%s/user", srv_basedir); - mkdir(udir, 0755); + mkdir(udir, DIR_PERM); xs *odir = xs_fmt("%s/object", srv_basedir); - mkdir(odir, 0755); + mkdir(odir, DIR_PERM); xs *qdir = xs_fmt("%s/queue", srv_basedir); - mkdir(qdir, 0755); + mkdir(qdir, DIR_PERM); xs *gfn = xs_fmt("%s/greeting.html", srv_basedir); if ((f = fopen(gfn, "w")) == NULL) { @@ -243,7 +243,7 @@ int adduser(const char *uid) xs *basedir = xs_fmt("%s/user/%s", srv_basedir, uid); - if (mkdir(basedir, 0755) == -1) { + if (mkdir(basedir, DIR_PERM) == -1) { printf("ERROR: cannot create directory '%s'\n", basedir); return 0; } @@ -256,7 +256,7 @@ int adduser(const char *uid) for (n = 0; dirs[n]; n++) { xs *d = xs_fmt("%s/%s", basedir, dirs[n]); - mkdir(d, 0755); + mkdir(d, DIR_PERM); } xs *scssfn = xs_fmt("%s/style.css", srv_basedir);