From: Stefan Sperling Subject: Re: Packfile permissions To: Alisdair MacLeod Cc: gameoftrees@openbsd.org Date: Wed, 28 Oct 2020 13:13:02 +0100 On Wed, Oct 28, 2020 at 08:48:59AM +0000, Alisdair MacLeod wrote: > I've just been trying out gotweb and noticed that after a `got fetch` the > repository is no longer accessible, with the message: > > Error: open: /got/public/repo/objects/pack/pack-.idx: Permission > denied > > Diving in it looks like the packfiles are created with mktemp so have the > mode 0600 set rather than GOT_DEFAULT_FILE_MODE and so are not readable by > the httpd server user. > > Is this on purpose? If not I would be happy to put together a patch to apply > GOT_DEFAULT_FILE_MODE, probably just after the rename from > tmppackpath/tmpidxpath to packpath/idxpath in lib/fetch.c? Yes, I agree this change is needed. Thanks for spotting the problem. I can confirm that pack files in my own repositories have mode 600. I never noticed this problem because I only access those repositories with the owner's UID.