On 1/12/12 10:44 PM, David F. Skoll wrote:
> On Fri, 13 Jan 2012 20:18:59 -0700
> Philip Prindeville <[email protected]> wrote:
>
>> - umask(077);
>> + umask(027);
>
> I don't think we want to set the umask to 027 unconditionally. But the
> new "-G" option should set the umask so that files are group-readable
> and sockets are group readable/writable, I think.
>
> Regards,
>
> David.
Quoting mkdir(2):
The argument mode specifies the permissions to use. It is modified by
the process's umask in the usual way: the permissions of the created
directory are (mode & ~umask & 0777). Other mode bits of the created
directory depend on the operating system. For Linux, see below.
So when mimedefang.c:get_fd() does:
sample_fd = open(buf, O_CREAT|O_APPEND|O_RDWR, 0640);
This results in (0640 & ~077 & 0777) or (0640 & 0700 & 0777) or (0640 & 0700)
or 600... i.e. no group writability.
So the patch that I sent is correct and has been tested. Repeating the math,
we get (0640 & ~0270 & 0777) or (0640 & 0750 & 0777) or (0640 & 0750) or 0640.
Quoting open(2):
O_CREAT
[...]
mode specifies the permissions to use in case a new file is cre‐
ated. This argument must be supplied when O_CREAT is specified
in flags; if O_CREAT is not specified, then mode is ignored.
The effective permissions are modified by the process's umask in
the usual way: The permissions of the created file are
(mode & ~umask). Note that this mode only applies to future
accesses of the newly created file; the open() call that creates
a read-only file may well return a read/write file descriptor.
And that's the same description (it elides the masking with 0777 since
sticky-bits, etc. are legal).
-Philip
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
