TracAccountManager htpasswd file handling clobbers symlinks
|Reported by:||Leo||Owned by:||Steffen Hoffmann|
|Severity:||critical||Keywords:||htpasswd mangle file link|
I'm using TracAccountManager 0.2.1dev-r5273 on Ubuntu and had it pointed at a symlink of an htpasswd file (since I'm reusing the file for apache).
What happened was when the user passwords were changed in Trac, the symlink would get replaced by an actual file. This turned into all sorts of badness since there were now two htpasswd files that diverged.
The original htpasswd file was set to be readable and writable by trac, however the directory it was in wasn't. That may have had to do with this failure case. Both the directory the symlink was in and the symlink itself were read/write accessible by trac.
Change History (2)
comment:1 Changed 6 years ago by
|Keywords:||htpasswd mangle file link added|
|Owner:||changed from Matt Good to Steffen Hoffmann|
|Status:||new → assigned|
|Summary:||TracAccountManager clobbers symlinks → TracAccountManager htpasswd file handling clobbers symlinks|