[dokuwiki] Re: darcs patch: Fix wrong umask usage and so we set the ... (and 2 more)

On Saturday 25 February 2006 16:57, Andreas Gohr wrote:
> On Fri, 24 Feb 2006 22:27:39 +0100 (CET)
>
> Troels Liebe Bentsen <tlb@xxxxxxxxxxx> wrote:
> > Fri Feb 24 22:16:55 CET 2006  Troels Liebe Bentsen <tlb@xxxxxxxxxxx>
> >   * Fix umask bug and do a code cleanup of chmod/mkdir usage so set
> >   the correct permissions, this should also fix problems with dokuwiki
> >   making setuid files on some umasks.
> >     * Don't set the umask() anymore, this is not good form and we
> >     don't really know what is it in the old code anyway as it was not
> >     done properly. * Retire the dmask config option introduce 2 new
> >     ones called fmode and dmode, this is more in line with posix and
> >     should make more sense. * Use chmod for setting the correct
> >     permissions but only if it's needed. * Set changing of permissions
> >     off by default as i should work properly in most Apache setups
> >     without and it does not make sense on windows anyway.
>
> I just applied your patch but have some questions.
>
> By default none of the umask, fmode and dmode are set - resulting in
> 0666 for files and 0777 for directories, correct?
No, if the system umask is 0022, it would be 0644 for files and 0755 for 
directories.

Apache inherits the "umask" from the system(the process that forks and exec 
Apache, normally the init shell on start up) when it first starts, on most 
Linux/UNIX systems this is set to "0002" or "0022", so files should be 
created with the correct premissions in most cases by not doing anything.

I should properly explain why we have the "umask" in the first place, the 
system calls for creating a new file(ie. open, fopen, etc.) does not have a 
parameter for setting the UNIX premissions(properly for legacy reasons), but 
the file need premissions so we have a default of 0666, this is not to handy 
as everyone would be able to write to our file when we first open it. 

This is where umask comes in to the picture, to make sure the file has sane 
premissions the umask is applied to the default premissions eg. (0666 & 
~0022) = 0644. 

So why the bin and with a inverted mask, this is to make sure the calculation 
is done correctly eg.

0600 = 0700 & ~0122 (CORRECT)
0556 = 0700 - 0122 (WRONG)

Creating a directory(mkdir) is a little bit diffrent, here you can set the 
premissions but her the umask is also applied, so we still need to take that 
into account. That why we have the default dmode of 777 as to make it work 
like the files.

I guess this whole mess is meant to make it easy to create new files and 
directories and not have to worry about premissions.

> When the umask is set, it is combined with the values for fmode and
> dmode (or the defaults above) resulting in the params fmask and dmask.
> Both of them are not masks (eg. inverted) but the real permissions for
> dirs and files, correct?
Yes more or less, chmod is the only systemcall where the umask is not applied.

>
> I can leave the umask config uncommented and just set fmode and dmode to
> the value I'd like to have my files and dirs, correct?
No, you need both the umask and [fd]mode to make sure you get the premissions 
you want. Here er some examples(fpre=file premissions, dpre=directory 
premissions):

The normal case where we only set the umask:
conf-umask: 0022 = fpre: 0644, dpre: 0755

Not really that usefull, but it shows the point.
conf-umask: 0011 = fpre: 0655, dpre: 0744

Here we make sure only user and group can read files.
conf-umask: 0022, conf-fmode: 0660 = fpre: 0640, dpre: 0755

Her we make sure only user and group can go into and read directories.
conf-umask: 0022, conf-dmode: 0660 = fpre: 0644, dpre: 0750

>
> If the above is correct, we don't really need the umask config at all,
> am I right?
No, to be able to make every possible configuration without having to call 
chmod in every time we need all 3. But the best thing would be not to mess 
with it, most cases it will work as it should. 

Hope that helped.

Troels.
-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

Other related posts: