[PATCH] Cache: new options for set path and file permissions (ticket: #698)

Krzysztof Grzadziel poczta at krzysztofgrzadziel.pl
Mon May 4 00:14:26 UTC 2020 

# HG changeset patch
# User Krzysztof Grządziel <poczta at krzysztofgrzadziel.pl>
# Date 1588474577 -7200
#      Sun May 03 04:56:17 2020 +0200
# Node ID ae1a050faa5c718dc81928dced93337f1e64a4e6
# Parent  716eddd74bc2831537f5b3f7ecd16ad3e516d043
Cache: new options for set path and file permissions (ticket: #698)

Patch introduces two optional parameters for *_cache_path:
  - path_access_rights which sets chmod for directories under cache path
  - file_access_rights which sets chmod for files under cache path

diff -r 716eddd74bc2 -r ae1a050faa5c src/core/ngx_string.c
--- a/src/core/ngx_string.c	Thu Apr 23 15:10:26 2020 +0300
+++ b/src/core/ngx_string.c	Sun May 03 04:56:17 2020 +0200
@@ -1120,6 +1120,32 @@
 }
 
 
+/* parse octal number string representation to integer */
+ngx_int_t
+ngx_octtoi(u_char *line, size_t n)
+{
+    ngx_int_t  value;
+
+    if (n == 0) {
+        return NGX_ERROR;
+    }
+
+    for (value = 0; n--; line++) {
+        if (*line < '0' || *line > '7') {
+            return NGX_ERROR;
+        }
+
+        value = value * 8 + (*line - '0');
+    }
+
+    if (value < 0) {
+        return NGX_ERROR;
+    }
+
+    return value;
+}
+
+
 u_char *
 ngx_hex_dump(u_char *dst, u_char *src, size_t len)
 {
diff -r 716eddd74bc2 -r ae1a050faa5c src/core/ngx_string.h
--- a/src/core/ngx_string.h	Thu Apr 23 15:10:26 2020 +0300
+++ b/src/core/ngx_string.h	Sun May 03 04:56:17 2020 +0200
@@ -179,6 +179,7 @@
 off_t ngx_atoof(u_char *line, size_t n);
 time_t ngx_atotm(u_char *line, size_t n);
 ngx_int_t ngx_hextoi(u_char *line, size_t n);
+ngx_int_t ngx_octtoi(u_char *line, size_t n);
 
 u_char *ngx_hex_dump(u_char *dst, u_char *src, size_t len);
 
diff -r 716eddd74bc2 -r ae1a050faa5c src/http/ngx_http_cache.h
--- a/src/http/ngx_http_cache.h	Thu Apr 23 15:10:26 2020 +0300
+++ b/src/http/ngx_http_cache.h	Sun May 03 04:56:17 2020 +0200
@@ -177,6 +177,9 @@
     ngx_msec_t                       manager_sleep;
     ngx_msec_t                       manager_threshold;
 
+    ngx_int_t                        file_access_rights;
+    ngx_int_t                        path_access_rights;
+
     ngx_shm_zone_t                  *shm_zone;
 
     ngx_uint_t                       use_temp_path;
diff -r 716eddd74bc2 -r ae1a050faa5c src/http/ngx_http_file_cache.c
--- a/src/http/ngx_http_file_cache.c	Thu Apr 23 15:10:26 2020 +0300
+++ b/src/http/ngx_http_file_cache.c	Sun May 03 04:56:17 2020 +0200
@@ -1384,8 +1384,8 @@
                    "http file cache rename: \"%s\" to \"%s\"",
                    tf->file.name.data, c->file.name.data);
 
-    ext.access = NGX_FILE_OWNER_ACCESS;
-    ext.path_access = NGX_FILE_OWNER_ACCESS;
+    ext.access = cache->file_access_rights;
+    ext.path_access = cache->path_access_rights;
     ext.time = -1;
     ext.create_path = 1;
     ext.delete_file = 1;
@@ -2313,6 +2313,7 @@
     ngx_msec_t              loader_sleep, manager_sleep, loader_threshold,
                             manager_threshold;
     ngx_uint_t              i, n, use_temp_path;
+    ngx_int_t               file_access_rights, path_access_rights;
     ngx_array_t            *caches;
     ngx_http_file_cache_t  *cache, **ce;
 
@@ -2333,6 +2334,8 @@
     loader_files = 100;
     loader_sleep = 50;
     loader_threshold = 200;
+    file_access_rights = NGX_FILE_OWNER_ACCESS;
+    path_access_rights = NGX_FILE_OWNER_ACCESS;
 
     manager_files = 100;
     manager_sleep = 50;
@@ -2488,6 +2491,34 @@
             continue;
         }
 
+        if (ngx_strncmp(value[i].data, "file_access_rights=", 19) == 0) {
+
+            file_access_rights = ngx_octtoi(value[i].data + 19,
+                                            value[i].len - 19);
+            if (file_access_rights == NGX_ERROR) {
+                ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                                   "invalid file_access_rights value \"%V\"",
+                                   &value[i]);
+                return NGX_CONF_ERROR;
+            }
+
+            continue;
+        }
+
+        if (ngx_strncmp(value[i].data, "path_access_rights=", 19) == 0) {
+
+            path_access_rights = ngx_octtoi(value[i].data + 19,
+                                            value[i].len - 19);
+            if (path_access_rights == NGX_ERROR) {
+                ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                                   "invalid path_access_rights value \"%V\"",
+                                   &value[i]);
+                return NGX_CONF_ERROR;
+            }
+
+            continue;
+        }
+
         if (ngx_strncmp(value[i].data, "loader_sleep=", 13) == 0) {
 
             s.len = value[i].len - 13;
@@ -2580,6 +2611,8 @@
     cache->loader_files = loader_files;
     cache->loader_sleep = loader_sleep;
     cache->loader_threshold = loader_threshold;
+    cache->file_access_rights = file_access_rights;
+    cache->path_access_rights = path_access_rights;
     cache->manager_files = manager_files;
     cache->manager_sleep = manager_sleep;
     cache->manager_threshold = manager_threshold;

More information about the nginx-devel mailing list