Avoid permissions errors for chown .well-known

Open kevinoid opened this issue 8 years ago • 2 comments

When acme.sh is run as a non-root user different from the owner of the webroot directory, it is unable to change the owner of the files in .well-known to that user, causing permissions errors. Avoid this by making the files world-readable.

These files should pose no disclosure risk since they are sent in cleartext during the HTTP Identifier Validation Challenge and may already be exposed by directory enumeration, depending on server settings. AFAIK they should be safe to expose as world-readable in all cases.

Fixes Neilpang/acme.sh#32

Thanks for considering, Kevin

kevinoid, Feb 16 '17 03:02
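
The approach described in the post above, sketched as an added example (not code from acme.sh or from this pull request): publish the challenge file using file modes alone, so no `chown` and no root are needed. The function names `write_challenge` and `world_readable` are hypothetical, and the token check goes slightly beyond the post by rejecting anything outside the base64url alphabet.

```shell
#!/bin/sh
# Added example, not acme.sh code; function names are hypothetical.

# write_challenge WEBROOT TOKEN KEYAUTH
# Publishes an HTTP-01 response readable by a web server that runs as a
# different user, using file modes only (no chown, so no root needed).
write_challenge() {
  webroot=$1; token=$2; keyauth=$3
  dir="$webroot/.well-known/acme-challenge"

  # ACME tokens use the base64url alphabet; reject anything else so the
  # token cannot name a path outside the challenge directory.
  case $token in
    ''|*[!A-Za-z0-9_-]*) echo "invalid token" >&2; return 2 ;;
  esac

  (
    umask 022                       # ignore a restrictive caller umask
    mkdir -p "$dir" || exit 1
    printf '%s' "$keyauth" > "$dir/$token" || exit 1
    # Directories need o+x to be traversed; chmod fails harmlessly on
    # directories this user does not own.
    chmod 755 "$webroot/.well-known" "$dir" 2>/dev/null || :
    chmod 644 "$dir/$token"         # world-readable, owner-writable only
  )
}

# world_readable PATH: succeeds if "others" have the read bit set.
world_readable() {
  [ "$(ls -ld "$1" | cut -c8)" = r ]
}

# Demo on a constructed temporary webroot with constructed values.
demo_root=$(mktemp -d)
write_challenge "$demo_root" "constructed-token_01" "constructed-token_01.thumbprint" &&
  ls -l "$demo_root/.well-known/acme-challenge"
rm -rf "$demo_root"
```

The file stays writable only by the user that created it; only the read bit is widened.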

For reference, it does not appear that the issue was fixed. I'm open to providing an alternative implementation if this one was found to be unacceptable.

kevinoid, Jan 19 '22 14:01

Sorry, it was closed by accident.

Neilpang, Jan 19 '22 14:01