httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 61631] New: htpasswd -v option should require read and not read-write for password file
Date Wed, 18 Oct 2017 14:22:56 GMT

            Bug ID: 61631
           Summary: htpasswd -v option should require read and not
                    read-write for password file
           Product: Apache httpd-2
           Version: 2.4.7
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P2
         Component: support
  Target Milestone: ---

Steps to reproduce on Ubuntu (where the bug was observed):
1) htpasswd –c User.Name
2) chmod 444
3) htpasswd -v User.Name

htpasswd: cannot open file for read/write access

The htpasswd application fails to verify the password and seems to require the file to be readable and writable.

It was expected that the htpasswd program only needs to be able to read the
file's contents and does not need write permission in order to verify if a
provided password is valid or not.

The following command does not provide version information for the installed
program: htpasswd --version

"man htpasswd" provides the Apache HTTP Server date as 2013-07-06

"apt-cache policy apache2" provides the installed version as

"apache2 -v" provides server version is Apache/2.4.7 (Ubuntu) and built Sep 18
2017 16:37:54

It is unknown if the issue occurs on other platforms.

Possibly related to Bug 45923 – htpasswd tries to open(file, O_RDONLY |

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message