diff options
| author | Vincent Petry <vincent@nextcloud.com> | 2022-06-10 12:23:31 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-06-10 12:23:31 +0300 |
| commit | bea755f1539e8c918b63347e5ff104f154c99b5c (patch) | |
| tree | 70eea1ac55aa9f22ca392afbda532aafd094c506 | |
| parent | 56b1453945e7052046031fdd210350b4aba940e0 (diff) | |
| parent | 74095699940184048e4cdd84360f41cc08a12528 (diff) | |
Merge pull request #32723 from MartinBrugnara/master
Expose umask override value as config parameter: localstorage.umask
| -rw-r--r-- | config/config.sample.php | 12 | ||||
| -rw-r--r-- | lib/private/Files/Storage/Local.php | 14 |
2 files changed, 21 insertions, 5 deletions
diff --git a/config/config.sample.php b/config/config.sample.php index c3a0048625c..4cb19c8d9e9 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -1840,6 +1840,18 @@ $CONFIG = [ 'localstorage.allowsymlinks' => false, /** + * Nextcloud overrides umask to ensure suitable access permissions + * regardless of webserver/php-fpm configuration and worker state. + * WARNING: Modifying this value has security implications and + * may soft-break the installation. + * + * Most installs shall not modify this value. + * + * Defaults to ``0022`` + */ +'localstorage.umask' => 0022, + +/** * EXPERIMENTAL: option whether to include external storage in quota * calculation, defaults to false. * diff --git a/lib/private/Files/Storage/Local.php b/lib/private/Files/Storage/Local.php index ee8a8c7d161..4996572a40e 100644 --- a/lib/private/Files/Storage/Local.php +++ b/lib/private/Files/Storage/Local.php @@ -15,6 +15,7 @@ * @author Jörn Friedrich Dreyer <jfd@butonic.de> * @author Klaas Freitag <freitag@owncloud.com> * @author Lukas Reschke <lukas@statuscode.ch> + * @author Martin Brugnara <martin@0x6d62.eu> * @author Michael Gapczynski <GapczynskiM@gmail.com> * @author Morris Jobke <hey@morrisjobke.de> * @author Robin Appelman <robin@icewind.nl> @@ -66,6 +67,8 @@ class Local extends \OC\Files\Storage\Common { private IMimeTypeDetector $mimeTypeDetector; + private $defUMask; + public function __construct($arguments) { if (!isset($arguments['datadir']) || !is_string($arguments['datadir'])) { throw new \InvalidArgumentException('No data directory set for local storage'); @@ -84,6 +87,7 @@ class Local extends \OC\Files\Storage\Common { $this->dataDirLength = strlen($this->realDataDir); $this->config = \OC::$server->get(IConfig::class); $this->mimeTypeDetector = \OC::$server->get(IMimeTypeDetector::class); + $this->defUMask = $this->config->getSystemValue('localstorage.umask', 0022); } public function __destruct() { @@ -95,7 +99,7 @@ class Local extends \OC\Files\Storage\Common { public function mkdir($path) { $sourcePath = $this->getSourcePath($path); - $oldMask = umask(022); + $oldMask = umask($this->defUMask); $result = @mkdir($sourcePath, 0777, true); umask($oldMask); return $result; @@ -273,7 +277,7 @@ class Local extends \OC\Files\Storage\Common { if ($this->file_exists($path) and !$this->isUpdatable($path)) { return false; } - $oldMask = umask(022); + $oldMask = umask($this->defUMask); if (!is_null($mtime)) { $result = @touch($this->getSourcePath($path), $mtime); } else { @@ -292,7 +296,7 @@ class Local extends \OC\Files\Storage\Common { } public function file_put_contents($path, $data) { - $oldMask = umask(022); + $oldMask = umask($this->defUMask); $result = file_put_contents($this->getSourcePath($path), $data); umask($oldMask); return $result; @@ -365,7 +369,7 @@ class Local extends \OC\Files\Storage\Common { if ($this->is_dir($path1)) { return parent::copy($path1, $path2); } else { - $oldMask = umask(022); + $oldMask = umask($this->defUMask); $result = copy($this->getSourcePath($path1), $this->getSourcePath($path2)); umask($oldMask); return $result; @@ -373,7 +377,7 @@ class Local extends \OC\Files\Storage\Common { } public function fopen($path, $mode) { - $oldMask = umask(022); + $oldMask = umask($this->defUMask); $result = fopen($this->getSourcePath($path), $mode); umask($oldMask); return $result; |