From bf6a0e6d7276363c5ddcb5635900aa5a342f46b3 Mon Sep 17 00:00:00 2001
From: Kevin Locke
Date: Mon, 13 Feb 2017 14:09:25 -0700
Subject: [PATCH] Avoid permissions errors for chown .well-known

When acme.sh is run as a non-root user different from the owner of the webroot directory it is unable to change the owner of the files in .well-known to that user, causing permissions errors. Avoid this by making the files world-readable. These files should pose no disclosure risk since they are sent in cleartext during the HTTP Identifier Validation Challenge[1] and may already be exposed by directory enumeration, depending on server settings. AFAIK they should be safe to expose as world-readable in all cases.

1. https://ietf-wg-acme.github.io/acme/#rfc.section.7.2

Fixes Neilpang/acme.sh#32

Signed-off-by: Kevin Locke
---
 acme.sh | 20 +++++--------------
 1 file changed, 5 insertions(+), 15 deletions(-)

diff --git a/acme.sh b/acme.sh
index 38965ddc..94becd63 100755
--- a/acme.sh
+++ b/acme.sh
@@ -3679,9 +3679,11 @@ issue() {
         _debug "writing token:$token to $wellknown_path/$token"
-        mkdir -p "$wellknown_path"
-
-        if ! printf "%s" "$keyauthorization" >"$wellknown_path/$token"; then
+        # Ensure .well-known is visible to web server user/group
+        # https://github.com/Neilpang/acme.sh/pull/32
+        if ! (umask ugo+rx \
+          && mkdir -p "$wellknown_path" \
+          && printf "%s" "$keyauthorization" >"$wellknown_path/$token"); then
           _err "$d:Can not write token to file : $wellknown_path/$token"
           _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
           _clearup
@@ -3689,18 +3691,6 @@ issue() {
           return 1
         fi
-        if [ ! "$usingApache" ]; then
-          if webroot_owner=$(_stat "$_currentRoot"); then
-            _debug "Changing owner/group of .well-known to $webroot_owner"
-            if ! _exec "chown -R \"$webroot_owner\" \"$_currentRoot/.well-known\""; then
-              _debug "$(cat "$_EXEC_TEMP_ERR")"
-              _exec_err >/dev/null 2>&1
-            fi
-          else
-            _debug "not changing owner/group of webroot"
-          fi
-        fi
-
       fi
     elif [ "$vtype" = "$VTYPE_TLS" ]; then
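Review bot: `umask ugo+rx` in the new subshell of the first hunk only clears the read/execute bits of the mask and never sets any, so whether group and other get write on the new entries is decided entirely by the caller's umask; under a lax umask such as `000`, `mkdir -p "$wellknown_path"` and the token file come out world-writable and any local user could replace or remove the key authorization before validation. Masking write for others explicitly, `if ! (umask ugo+rx,o-w \`, keeps the readability the commit is after while removing that dependence on the environment (comma-separated symbolic clauses are POSIX, but worth confirming against the minimal shells acme.sh supports). Note also that `mkdir -p` leaves an existing directory's mode untouched, so a `.well-known` tree created under a restrictive umask by an earlier run stays unreadable by the web server; a comment such as `# umask only affects newly created entries; an existing dir keeps its mode` would stop the next reader from assuming the subshell fixes that case. The second hunk is a pure removal of the chown fallback and needs no further note. issue() continues outside both hunks on either side.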