aboutsummaryrefslogtreecommitdiff
path: root/doc/bugs/octal_umask_setting_is_unintuitive.mdwn
blob: 5cdefcf09d70a7fad5eafa790571dd0629f17897 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
To make ikiwiki publish world-readable files (usually what you want)
regardless of your umask, you override the `umask` setting to 022
octal (which is 18 in decimal). So far so good.

However, because it's interpreted as a plain number in Perl, the
way you set it varies between formats. In `IkiWiki::Setup::Standard`
you can use either

    umask => 022

or (less obviously) one of

    umask => 18
    umask => "18"

but if you use

    umask => "022"

you get the less than helpful umask of 026 octal (22 decimal).

Similarly, in `IkiWiki::Setup::Yaml` (the default for
[ikiwiki-hosting](http://ikiwiki-hosting.branchable.com/)
you have to use one of

    umask: 18
    umask: "18"

and if you try to say 022 you'll get 22 decimal = 026 octal.

[[!tag patch]]
[[!template id=gitbranch branch=smcv/umask-keywords author="[[smcv]]"]]

Perhaps the best way to solve this would be to have keywords
for the few values of `umask` that are actually useful?

* `private` (= 077 octal = 63 decimal)
* `group` (= 027 octal = 23 decimal)
* `public` (= 022 octal = 18 decimal)

I don't think g+w is a good idea in any case, because as
documented on [[security]], if ikiwiki makes its `srcdir`
group-writeable then any member of the group can "cause
trouble" (escalate privileges to those of the wiki user?)
via a symlink attack. So I don't think we need keywords
for those.

--[[smcv]]

> I support this change, but your git repository does not seem to have
> that branch (or anything) in it today. --[[Joey]]

>> git pushes have a restrictive umask, ironically... fixed. --[[smcv]]

>>> [[done]] --[[Joey]]