Avoid permissions errors for chown .well-known

When acme.sh is run as a non-root user different from the owner of the webroot directory it is unable to change the owner of the files in .well-known to that user, causing permissions errors. Avoid this by making the files world-readable. These files should pose no disclosure risk since they are sent in cleartext during the HTTP Identifier Validation Challenge[1] and may already be exposed by directory enumeration, depending on server settings. AFAIK they should be safe to expose as world-readable in all cases. 1. https://ietf-wg-acme.github.io/acme/#rfc.section.7.2 Fixes Neilpang/acme.sh#32 Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
2017-02-13 14:09:25 -07:00 · 2017-02-13 14:09:25 -07:00 · 22dfedf6ae
parent fca53a0c2c
commit 22dfedf6ae
1 changed files with 5 additions and 3 deletions
--- a/acme.sh
+++ b/acme.sh
@ -5002,9 +5002,11 @@ $_authorizations_map"

        _debug "Writing token: $token to $wellknown_path/$token"

-        mkdir -p "$wellknown_path"
-
-        if ! printf "%s" "$keyauthorization" >"$wellknown_path/$token"; then
+        # Ensure .well-known is visible to web server user/group
+        # https://github.com/Neilpang/acme.sh/pull/32
+        if ! (umask ugo+rx &&
+          mkdir -p "$wellknown_path" &&
+          printf "%s" "$keyauthorization" >"$wellknown_path/$token"); then
          _err "$d: Cannot write token to file: $wellknown_path/$token"
          _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
          _clearup