Apache Web DAV incorrect permissions
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OEM Priority Project |
Won't Fix
|
Medium
|
James M. Leddy | ||
Lucid |
Won't Fix
|
Medium
|
Unassigned | ||
apache2 (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Lucid |
Fix Released
|
Medium
|
Chuck Short |
Bug Description
SRU information:
================
[Impact]
This bug stems from web dav modifying files to have permissions 600 instead of the standard 644. When this happens , it is impossible for Apache to then go serve out the pages. This basically makes the webdav unusable and makes a nasty crond chmod script necessary.
[Development Fix]
First fixed upstream, then brought down as part of apache 2.2.15-3
[Stable Fix]
see attached '99-fix-
[Test Case]
1) Download the original archive from http://
This should result in a mod_dav_fs.so library in modules/
2) Set up a DAV location like so:
<IfModule dav_fs_module>
<Location "/test">
DAV on
</Location>
</IfModule>
3) Use "cadaver" to connect to your server and PUT a file in location "test". The idea is that the permissions come out as 0600 for the standard Lucid installation and 0644 for the vanilla Apache module.
[Regression Potential]
Low. This has patch has already been applied upstream and is in use by however many 10.10, 11.04, and 11.10 users. The compiled LTS pachage has also tested by someone that is experiencing the original problem.
================
Original report:
================
Binary package hint: apache2
I am a Git pull/push through Apache https user, and I also use the file-based protocol. Recently I noticed that the Git repository was filled with objects of permission -rw------ belonging to www-data, the Apache server username. After further digging, this is not Git's problem, but possibly mod_dav_fs's. In fact, any file transferred with a DAV "PUT" command results in said 0600 permissions.
Although this is arguably a feature of Ubuntu, I found that the behavior differs from a standard Apache server. To reproduce:
1) Download the original archive from http://
This should result in a mod_dav_fs.so library in modules/
2) Set up a DAV location like so:
<IfModule dav_fs_module>
<Location "/test">
DAV on
</Location>
</IfModule>
3) Use "cadaver" to connect to your server and PUT a file in location "test". The idea is that the permissions come out as 0600 for the standard Lucid installation and 0644 for the vanilla Apache module.
Further evidence supporting the idea that the problem arises from Ubuntu packaging is the rather extensive modifications to mod_dav_fs code in the diff found at http://
Thank you for your attention!
-Roy
Changed in apache2 (Ubuntu): | |
status: | Incomplete → Confirmed |
Changed in apache2 (Ubuntu): | |
status: | Fix Released → Confirmed |
status: | Confirmed → Fix Released |
Changed in oem-priority: | |
importance: | Undecided → Medium |
Changed in oem-priority: | |
status: | New → Triaged |
Changed in oem-priority: | |
status: | Triaged → In Progress |
assignee: | nobody → James M. Leddy (jm-leddy) |
description: | updated |
tags: |
added: verification-done removed: verification-needed |
This is probably due to the one of the mod_dav patches that has been backported from svn tree. if you try the latest available version of apache you will probably get the same results. If you can verify that it is, otherwise its a bug that we have.
Regards
chuck