From: R. Steve McKown <rsmckown@gmail.com>
Date: Mon, 1 Oct 2012 17:41:22 +0000 (-0600)
Subject: Set umask when runnning repository commands
X-Git-Tag: 0.6~1
X-Git-Url: https://oss.titaniummirror.com/gitweb?p=repo_shell.git;a=commitdiff_plain;h=0aa10cafb34f36da9f52b4c382e28e2679224149

Set umask when runnning repository commands

Repository file permissions should only allow write to the owner, read
to the owner's group, and no access for anyone else.
---

diff --git a/repo_shell.c b/repo_shell.c
index 7d34e57..e4918b3 100644
--- a/repo_shell.c
+++ b/repo_shell.c
@@ -18,6 +18,8 @@
 #define SHELL "/bin/bash"
 #define GIT_ACL_FILE ".gitacls"
 
+enum { REPO_UMASK = 027 };
+
 typedef struct {
   char *user;
   char *svn_root;
@@ -94,6 +96,7 @@ static int do_git_cmd(const char *cmd, char *arg, char *user)
     die("bad command");
 
   change_user(cfg.owner);
+  umask(REPO_UMASK);
   if (!git_check_access(cmd, arg, user))
     die("insufficient ACL permissions");
 
@@ -116,6 +119,7 @@ static int do_svnserve_cmd(const char *cmd, char *arg, char *user)
   int ret;
 
   change_user(cfg.owner);
+  umask(REPO_UMASK);
   return execvp(svnserve_argv[0], (char *const *) svnserve_argv);
 }