From 22dfedf6ae447404616102b14c01bdf9ddb70caf Mon Sep 17 00:00:00 2001 From: Kevin Locke Date: Mon, 13 Feb 2017 14:09:25 -0700 Subject: [PATCH] Avoid permissions errors for chown .well-known When acme.sh is run as a non-root user different from the owner of the webroot directory it is unable to change the owner of the files in .well-known to that user, causing permissions errors. Avoid this by making the files world-readable. These files should pose no disclosure risk since they are sent in cleartext during the HTTP Identifier Validation Challenge[1] and may already be exposed by directory enumeration, depending on server settings. AFAIK they should be safe to expose as world-readable in all cases. 1. https://ietf-wg-acme.github.io/acme/#rfc.section.7.2 Fixes Neilpang/acme.sh#32 Signed-off-by: Kevin Locke --- acme.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/acme.sh b/acme.sh index 9842e3f1..3e1c85bd 100755 --- a/acme.sh +++ b/acme.sh @@ -5002,9 +5002,11 @@ $_authorizations_map" _debug "Writing token: $token to $wellknown_path/$token" - mkdir -p "$wellknown_path" - - if ! printf "%s" "$keyauthorization" >"$wellknown_path/$token"; then + # Ensure .well-known is visible to web server user/group + # https://github.com/Neilpang/acme.sh/pull/32 + if ! (umask ugo+rx && + mkdir -p "$wellknown_path" && + printf "%s" "$keyauthorization" >"$wellknown_path/$token"); then _err "$d: Cannot write token to file: $wellknown_path/$token" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup