TracAccountManager htpasswd file handling clobbers symlinks
|Reported by:||leosh||Owned by:||hasienda|
|Severity:||critical||Keywords:||htpasswd mangle file link|
I'm using TracAccountManager 0.2.1dev-r5273 on Ubuntu and had it pointed at a symlink of an htpasswd file (since I'm reusing the file for apache).
What happened was when the user passwords were changed in Trac, the symlink would get replaced by an actual file. This turned into all sorts of badness since there were now two htpasswd files that diverged.
The original htpasswd file was set to be readable and writable by trac, however the directory it was in wasn't. That may have had to do with this failure case. Both the directory the symlink was in and the symlink itself were read/write accessible by trac.
Change History (2)
comment:1 Changed 3 years ago by hasienda
- Keywords htpasswd mangle file link added
- Owner changed from mgood to hasienda
- Status changed from new to assigned
- Summary changed from TracAccountManager clobbers symlinks to TracAccountManager htpasswd file handling clobbers symlinks