From f96b0a7432f90c11eb8339e44e929f6925d635fb Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sat, 21 Feb 2009 22:03:47 +0000 Subject: [PATCH] Implement umask_override --- def_data.c | 4 ++++ def_data.h | 2 ++ def_data.in | 3 +++ sudo.c | 20 +++++++++++++------- sudoers.pod | 9 +++++++++ 5 files changed, 31 insertions(+), 7 deletions(-) diff --git a/def_data.c b/def_data.c index 6a83be43e..8498464db 100644 --- a/def_data.c +++ b/def_data.c @@ -310,6 +310,10 @@ struct sudo_defs_types sudo_defs_table[] = { "fast_glob", T_FLAG, "Use faster globbing that is less accurate but does not access the filesystem", NULL, + }, { + "umask_override", T_FLAG, + "The umask specified in sudoers will override the user's, even if it is more permissive", + NULL, }, { NULL, 0, NULL } diff --git a/def_data.h b/def_data.h index 5f38375ef..bccfd160b 100644 --- a/def_data.h +++ b/def_data.h @@ -142,6 +142,8 @@ #define I_PWFEEDBACK 70 #define def_fast_glob (sudo_defs_table[71].sd_un.flag) #define I_FAST_GLOB 71 +#define def_umask_override (sudo_defs_table[72].sd_un.flag) +#define I_UMASK_OVERRIDE 72 enum def_tupple { never, diff --git a/def_data.in b/def_data.in index 037019767..625c14097 100644 --- a/def_data.in +++ b/def_data.in @@ -229,3 +229,6 @@ pwfeedback fast_glob T_FLAG "Use faster globbing that is less accurate but does not access the filesystem" +umask_override + T_FLAG + "The umask specified in sudoers will override the user's, even if it is more permissive" diff --git a/sudo.c b/sudo.c index 6ff8096b1..71186ef2c 100644 --- a/sudo.c +++ b/sudo.c 
@@ -453,14 +453,19 @@ main(argc, argv, envp) exit(rc); /* - * Override user's umask if configured to do so. - * If user's umask is more restrictive, OR in those bits too. + * Set umask based on sudoers. + * If user's umask is more restrictive, OR in those bits too + * unless umask_override is set. */ if (def_umask != 0777) { - mode_t mask = umask(def_umask); - mask |= def_umask; - if (mask != def_umask) - umask(mask); + if (def_umask_override) { + umask(def_umask); + } else { + mode_t mask = umask(def_umask); + mask |= def_umask; + if (mask != def_umask) + umask(mask); + } } /* Restore coredumpsize resource limit. */ @@ -537,7 +542,8 @@ main(argc, argv, envp) NewArgv[0] = "sh"; NewArgv[1] = safe_cmnd; execv(_PATH_BSHELL, NewArgv); - } warning("unable to execute %s", safe_cmnd); + } + warning("unable to execute %s", safe_cmnd); exit(127); } else if (ISSET(validated, FLAG_NO_USER | FLAG_NO_HOST)) { audit_failure(NewArgv, "No user or host"); diff --git a/sudoers.pod b/sudoers.pod index bca770f09..82db17e33 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -781,6 +781,15 @@ the user running it. With this flag enabled, B will use a file named for the tty the user is logged in on in that directory. This flag is I<@tty_tickets@> by default. +=item umask_override + +If set, B will set the umask as specified by I without +modification. This makes it possible to specify a more permissive +umask in I than the user's own umask and matches historical +behavior. If I is not set, B will set the +umask to be the union of the user's umask and what is specified in +I. This flag is I by default. + =item use_loginclass If set, B will apply the defaults specified for the target user's -- 2.40.0
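Review bot: In the `if (def_umask_override)` branch of the first sudo.c hunk the invoking user's umask is discarded entirely, so a sudoers value looser than the caller's (for example 0022 against a caller's 077) now widens the permissions of files the command creates; the block comment only says "unless umask_override is set" and should spell that consequence out, e.g. `* With umask_override the sudoers umask is applied as-is, even when it is more permissive than the user's.` Both branches also start with the same `umask(def_umask)` call, so it can be hoisted to `mode_t mask = umask(def_umask);` followed by `if (!def_umask_override && (mask | def_umask) != def_umask) umask(mask | def_umask);`, which keeps the restrictive path and the override path in one place. Whether the flag is off unless a sudoers line enables it is not visible in these hunks and is worth confirming where the defaults are initialised. main() begins and ends outside the hunk.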