core: add option weechat.look.config_permissions (closes #2057)

author: Sébastien Helleu <flashcode@flashtux.org> 2024-05-18 09:16:47 +0200
committer: Sébastien Helleu <flashcode@flashtux.org> 2024-05-18 09:16:47 +0200
commit: 2423fdbf2d66d241c809f797f75afd65dff91568 (patch)
tree: d2eb301585f6591c0d710b35c26383f7ba4acb01 /src
parent: 839ffc4b0c6d575b97f834fbc33a49bcbd8f099f (diff)
download: weechat-2423fdbf2d66d241c809f797f75afd65dff91568.zip
3 files changed, 62 insertions, 2 deletions
diff --git a/src/core/core-config-file.c b/src/core/core-config-file.c
index 156035e40..a76078157 100644
--- a/src/core/core-config-file.c
+++ b/src/core/core-config-file.c
@@ -3193,7 +3193,8 @@ config_file_write_internal (struct t_config_file *config_file,
                             int default_options)
 {
     int filename_length, rc;
-    char *filename, *filename2, resolved_path[PATH_MAX];
+    long file_perms;
+    char *filename, *filename2, resolved_path[PATH_MAX], *error;
     struct t_config_section *ptr_section;
     struct t_config_option *ptr_option;
 
@@ -3339,7 +3340,20 @@ config_file_write_internal (struct t_config_file *config_file,
     config_file->file = NULL;
 
     /* update file mode */
-    chmod (filename2, 0600);
+    error = NULL;
+    file_perms = strtol (CONFIG_STRING(config_look_config_permissions), &error, 8);
+    if (!error || error[0])
+        file_perms = 0600;
+    if (chmod (filename2, file_perms) < 0)
+    {
+        gui_chat_printf (
+            NULL,
+            _("%sWARNING: failed to set permissions on configuration file "
+              "\"%s\" (%s)"),
+            gui_chat_prefix[GUI_CHAT_PREFIX_ERROR],
+            filename2,
+            strerror (errno));
+    }
 
     /* rename temp file to target file */
     rc = rename (filename2, filename);
diff --git a/src/core/core-config.c b/src/core/core-config.c
index 9258ab0ee..d02ae4eef 100644
--- a/src/core/core-config.c
+++ b/src/core/core-config.c
@@ -133,6 +133,7 @@ struct t_config_option *config_look_color_pairs_auto_reset = NULL;
 struct t_config_option *config_look_color_real_white = NULL;
 struct t_config_option *config_look_command_chars = NULL;
 struct t_config_option *config_look_command_incomplete = NULL;
+struct t_config_option *config_look_config_permissions = NULL;
 struct t_config_option *config_look_confirm_quit = NULL;
 struct t_config_option *config_look_confirm_upgrade = NULL;
 struct t_config_option *config_look_day_change = NULL;
@@ -394,6 +395,35 @@ config_change_sys_rlimit (const void *pointer, void *data,
 }
 
 /*
+ * Checks option "weechat.look.config_permissions".
+ */
+
+int
+config_check_config_permissions (const void *pointer, void *data,
+                                 struct t_config_option *option,
+                                 const char *value)
+{
+    const char *ptr_perm;
+
+    /* make C compiler happy */
+    (void) pointer;
+    (void) data;
+    (void) option;
+
+    if (!value || (strlen (value) != 3) || (value[0] != '6'))
+        return 0;
+
+    ptr_perm = value;
+    while (ptr_perm && ptr_perm[0])
+    {
+        if (!strchr ("0246", ptr_perm[0]))
+            return 0;
+        ptr_perm++;
+    }
+    return 1;
+}
+
+/*
  * Callback for changes on options "weechat.look.save_{config|layout}_on_exit".
  */
 
@@ -3462,6 +3492,21 @@ config_weechat_init_options ()
                "example /he for /help"),
             NULL, 0, 0, "off", NULL, 0,
             NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+        config_look_config_permissions = config_file_new_option (
+            weechat_config_file, weechat_config_section_look,
+            "config_permissions", "string",
+            N_("permissions for configuration files (*.conf), as octal value "
+               "(see man chmod); it must be a number with 3 digits, each digit "
+               "can be 0 (no permissions), 2 (write only), 4 (read only) or "
+               "6 (read and write); the first digit must be 6 so that the user "
+               "can read and write the file; by default configuration files "
+               "can be read and written by the user only, for security "
+               "reasons; for example 660 = \"rw-rw-r--\" = file readable and "
+               "writable by the user and members of the group"),
+            NULL, 0, 0, "600", NULL, 0,
+            &config_check_config_permissions, NULL, NULL,
+            NULL, NULL, NULL,
+            NULL, NULL, NULL);
         config_look_confirm_quit = config_file_new_option (
             weechat_config_file, weechat_config_section_look,
             "confirm_quit", "boolean",
diff --git a/src/core/core-config.h b/src/core/core-config.h
index 2c7226bf2..e57e4ad0d 100644
--- a/src/core/core-config.h
+++ b/src/core/core-config.h
@@ -190,6 +190,7 @@ extern struct t_config_option *config_look_color_pairs_auto_reset;
 extern struct t_config_option *config_look_color_real_white;
 extern struct t_config_option *config_look_command_chars;
 extern struct t_config_option *config_look_command_incomplete;
+extern struct t_config_option *config_look_config_permissions;
 extern struct t_config_option *config_look_confirm_quit;
 extern struct t_config_option *config_look_confirm_upgrade;
 extern struct t_config_option *config_look_day_change;
author	Sébastien Helleu <flashcode@flashtux.org>	2024-05-18 09:16:47 +0200
committer	Sébastien Helleu <flashcode@flashtux.org>	2024-05-18 09:16:47 +0200
commit	2423fdbf2d66d241c809f797f75afd65dff91568 (patch)
tree	d2eb301585f6591c0d710b35c26383f7ba4acb01 /src
parent	839ffc4b0c6d575b97f834fbc33a49bcbd8f099f (diff)
download	weechat-2423fdbf2d66d241c809f797f75afd65dff91568.zip