From 4166f4574eea8fdcfb738ff3f63afd4e79178bd4 Mon Sep 17 00:00:00 2001 From: CyberMind-FR Date: Fri, 30 Jan 2026 18:42:20 +0100 Subject: [PATCH] fix(metablogizer): Ensure file permissions on every upload - Set umask 022 before file operations - chmod 644 immediately after base64 decode - chmod 755 on site_path after each upload - Prevents 403 Forbidden from restrictive permissions Co-Authored-By: Claude Opus 4.5 --- .../root/usr/libexec/rpcd/luci.metablogizer | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/package/secubox/luci-app-metablogizer/root/usr/libexec/rpcd/luci.metablogizer b/package/secubox/luci-app-metablogizer/root/usr/libexec/rpcd/luci.metablogizer index 0b9a4f6e..7a0356f2 100755 --- a/package/secubox/luci-app-metablogizer/root/usr/libexec/rpcd/luci.metablogizer +++ b/package/secubox/luci-app-metablogizer/root/usr/libexec/rpcd/luci.metablogizer @@ -767,17 +767,23 @@ method_upload_file() { # Create directory structure if needed with proper permissions local dir_path=$(dirname "$file_path") + + # CRITICAL: Set umask BEFORE any file operations umask 022 + mkdir -p "$dir_path" chmod 755 "$dir_path" - # Decode base64 content and write file with world-readable permissions + # Write file - umask 022 ensures 644 permissions echo "$content" | base64 -d > "$file_path" 2>/dev/null local rc=$? - # Immediately set readable permissions on the file + # ALWAYS set readable permissions immediately after write chmod 644 "$file_path" 2>/dev/null + # Also ensure parent dirs are traversable + chmod 755 "$site_path" 2>/dev/null + if [ $rc -eq 0 ]; then # Fix permissions for entire site directory fix_permissions "$site_path"