Caddy upgrade changes file permission

1. Caddy version (caddy version):

caddy v2.4.0 upgrade to v.2.4.1

2. How I run Caddy:

/usr/bin/caddy upgrade

a. System environment:

Red Hat 8.4
caddy is started as user caddy, but caddy file is owned by root and updated by root as well.

b. Command:

/usr/bin/caddy upgrade

c. Service/unit/compose file:

Not used

d. My complete Caddyfile or JSON config:

not used

3. The problem I’m having:

After the caddy upgrade, the caddy file changed permission from (root:root) 0755 to 0750 and I can not start it as caddy anymore. Maybe the caddy upgrade command should save the permission of the old file before writing the new one and than restore the permission?

4. Error messages and/or full log output:

● caddy.service - Caddy
   Loaded: loaded (/usr/lib/systemd/system/caddy.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2021-05-20 19:40:49 CEST; 2s ago
     Docs: https://caddyserver.com/docs/
  Process: XXXX ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile (code=exited, status=203/EXEC)
 Main PID: XXXX (code=exited, status=203/EXEC)

Mai 20 19:40:49 YYYY systemd[1]: caddy.service: Succeeded.
Mai 20 19:40:49 YYYY systemd[1]: Stopped Caddy.
Mai 20 19:40:49 YYYY systemd[1]: Starting Caddy...
Mai 20 19:40:49 YYYY systemd[1]: caddy.service: Main process exited, code=exited, status=203/EXEC
Mai 20 19:40:49 YYYY systemd[1]: caddy.service: Failed with result 'exit-code'.
Mai 20 19:40:49 YYYY systemd[1]: Failed to start Caddy.

5. What I already tried:

Fix can be done by chmod 0755 caddy , but replacing a file and change permission is “unexpected” and a fix should be done easily.

6. Links to relevant resources:

There was a bug in the upgrade command where it didn’t inherit the permissions of the original executable, setting its own hard-coded perms. This was fixed in v2.4.1. The tricky part here is how running caddy upgrade command with v2.4.0 will hit the bug as it downloads the one with the fix. Now you’ll just have to amend the perms as one-time fix, but shouldn’t recur in the future.

2 Likes

Thanks Mohammed, good to know. Thanks for the fix and the info.

This topic was automatically closed after 30 days. New replies are no longer allowed.