feat(config): Allow defining config.php permissions after write

Signed-off-by: Joas Schilling <coding@schilljs.com>
2026-05-28 04:32:30 -04:00 · 2026-02-17 15:25:47 +01:00 · 2026-02-17 15:25:47 +01:00 · af9308344b
commit af9308344b
parent f2907f133c
2 changed files with 10 additions and 2 deletions
--- a/config/config.sample.php
+++ b/config/config.sample.php
@ -2613,6 +2613,13 @@ $CONFIG = [
 	 */
 	'data-fingerprint' => '',

+	/**
+	 * config.php file mode in octal notation.
+	 *
+	 * Defaults to ``0640`` (writable by user, readable by group).
+	 */
+	'configfilemode' => 0640,
+
 	/**
 	 * This entry serves as a warning if the sample configuration was copied.
 	 * DO NOT ADD THIS TO YOUR CONFIGURATION!
--- a/lib/private/Config.php
+++ b/lib/private/Config.php
@ -276,8 +276,9 @@ class Config {
 		touch($this->configFilePath);
 		$filePointer = fopen($this->configFilePath, 'r+');

-		// Prevent others not to read the config
-		chmod($this->configFilePath, 0640);
+		// Apply permissions for config.php, defaulting to user read-write and group read
+		$permissions = $this->cache['configfilemode'] ?? 0640;
+		chmod($this->configFilePath, $permissions);

 		// File does not exist, this can happen when doing a fresh install
 		if (!is_resource($filePointer)) {