Comment 0 for bug 540747

Binary package hint: apache2

I am a Git pull/push through Apache https user, and I also use the file-based protocol. Recently I noticed that the Git repository was filled with objects of permission -rw------ belonging to www-data, the Apache server username. After further digging, this is not Git's problem, but possibly mod_dav_fs's. In fact, any file transferred with a DAV "PUT" command results in said 0600 permissions.

Although this is arguably a feature of Ubuntu, I found that the behavior differs from a standard Apache server. To reproduce:
1) Download the original archive from http://archive.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14.orig.tar.gz and build with "./configure --enable-dav-fs=shared --enable-dav-lock=shared --enable-dav=shared".
This should result in a mod_dav_fs.so library in modules/dav/fs/.libs. Place such a shared library in /usr/lib/apache/modules as a replacement for the one already there.
2) Set up a DAV location like so:
 <IfModule dav_fs_module>

    <Location "/test">

        DAV on

    </Location>

</IfModule>
3) Use "cadaver" to connect to your server and PUT a file in location "test". The idea is that the permissions come out as 0600 for the standard Lucid installation and 0644 for the vanilla Apache module.

Further evidence supporting the idea that the problem arises from Ubuntu packaging is the rather extensive modifications to mod_dav_fs code in the diff found at http://archive.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu3.diff.gz.

Thank you for your attention!
-Roy