commit 8c25a0e66cb5f6ea96b120f8e80703e83a6ce85e from: Stefan Sperling date: Thu Jun 5 16:04:42 2025 UTC relax repository path permission checks in gotsys-repo-create Since gotwebd can now be given read access to gotd repositories by making the directory readable for the _gotwebd group, these checks are too strict. Stop requiring a specific GID, and allow group rx bits to be set for group read access. As before, keep rejecting world/other rwx bits for safety. Read access to repositories is supposed to be managed by gotd.
commit - d77bec5ef230c9b6f65f6e2c10ed84ffc379ae22
commit + 8c25a0e66cb5f6ea96b120f8e80703e83a6ce85e
blob - c4c4a136dcda41c4d605d1b4da5f06dc94e3517a
blob + f980296b854cbf547c8a11a1f1181d2d48906255
--- gotsysd/libexec/gotsys-repo-create/gotsys-repo-create.c
+++ gotsysd/libexec/gotsys-repo-create/gotsys-repo-create.c
@@ -473,20 +473,21 @@ main(int argc, char **argv)
 goto done;
 }
 
- if (gotd_gid != sb.st_gid) {
+ if (sb.st_mode & (S_IWGRP | S_IWOTH)) {
 error = got_error_fmt(GOT_ERR_BAD_PATH,
- "directory is not owned by GID %u: %s",
- gotd_gid, repos_path);
- goto done;
- }
-
- if (sb.st_mode & (S_IRWXG | S_IRWXO)) {
- error = got_error_fmt(GOT_ERR_BAD_PATH,
- "directory must only be accessible/writable by user %s: %s",
+ "directory must only be writable by user %s: %s",
 username, repos_path);
 goto done;
 }
 
+ if (sb.st_mode & (S_IROTH | S_IXOTH)) {
+ error = got_error_fmt(GOT_ERR_BAD_PATH,
+ "directory must not be world-readable: %s; "
+ "chmod 750 %s or chmod 700 %s recommended",
+ repos_path, repos_path, repos_path);
+ goto done;
+ }
+
 if (gotsysd_imsg_compose_event(&iev, GOTSYSD_IMSG_PROG_READY, 0, -1, NULL, 0) == -1) {
 error = got_error_from_errno("gotsysd_imsg_compose_event");
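Review bot: With the `gotd_gid != sb.st_gid` comparison removed, the two mode tests accept group r-x for whichever group owns `repos_path`, and nothing in the code records that this is deliberate. A comment above the first test would keep a later reader from treating it as an oversight, for example `/* Group r-x is allowed for any GID so that gotwebd's group can read; group/other write and all other-bits are rejected. */`. The second test also fires for a directory that is only world-searchable (`S_IXOTH` without `S_IROTH`), so `"directory must not be accessible by others: %s; "` would describe the failure more accurately than "world-readable". If `gotd_gid` was looked up earlier in main() only for the removed comparison, it may now be unused. main() starts and ends outside the hunk, so neither that lookup nor how `sb` was obtained is visible here.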