commit 4071bc439fdfba4df88f0a555367f987d4085491
from: Stefan Sperling <stsp@stsp.name>
via: Thomas Adam <thomas@xteddy.org>
date: Sat Jun 21 09:24:15 2025 UTC

relax repository path permission checks in gotsys-repo-create

Since gotwebd can now be given read access to gotd repositories
by making the directory readable for the _gotwebd group, these
checks are too strict. Stop requiring a specific GID, and allow
group rx bits to be set for group read access.

As before, keep rejecting world/other rwx bits for safety.
Read access to repositories is supposed to be managed by gotd.

commit - ddb085b36df4a5358dbeb2299c813826f34d39be
commit + 4071bc439fdfba4df88f0a555367f987d4085491
blob - a8b1c77ee85881667f37d0204cf050732b9083ac
blob + f1169eb5055e46b5b2694bd6b20fb7ee0f0570f7
--- gotsysd/libexec/gotsys-repo-create/gotsys-repo-create.c
+++ gotsysd/libexec/gotsys-repo-create/gotsys-repo-create.c
@@ -339,17 +339,18 @@ main(int argc, char **argv)
 		goto done;
 	}
 
-	if (gotd_gid != sb.st_gid) {
+	if (sb.st_mode & (S_IWGRP | S_IWOTH)) {
 		error = got_error_fmt(GOT_ERR_BAD_PATH,
-		    "directory is not owned by GID %u: %s",
-		    gotd_gid, repos_path);
+		    "directory must only be writable by user %s: %s",
+		    username, repos_path);
 		goto done;
 	}
 
-	if (sb.st_mode & (S_IRWXG | S_IRWXO)) {
+	if (sb.st_mode & (S_IROTH | S_IXOTH)) {
 		error = got_error_fmt(GOT_ERR_BAD_PATH,
-		    "directory must only be accessible/writable by user %s: %s",
-		    username, repos_path);
+		    "directory must not be world-readable: %s; "
+		    "chmod 750 %s or chmod 700 %s recommended",
+		    repos_path, repos_path, repos_path);
 		goto done;
 	}