-rw-r--r-- | changes/bug19953 | 6 | ||||
-rw-r--r-- | src/or/router.c | 7 | ||||
-rw-r--r-- | src/or/routerkeys.c | 7 |
3 files changed, 17 insertions, 3 deletions
diff --git a/changes/bug19953 b/changes/bug19953
new file mode 100644
index 0000000000..919018dbb7
--- /dev/null
+++ b/changes/bug19953
@@ -0,0 +1,6 @@
+ o Minor bugfixes (relay)
+ - Honor DataDirectoryGroupReadable when tor is a relay. Previously, the
+ initialization of the keys would reset the DataDirectory to 0700 instead
+ of 0750 if DataDirectoryGroupReadable was set to 1. Fixes #19953. Patch
+ by "redfish".; bugfix on tor-0.0.2pre16.
+
diff --git a/src/or/router.c b/src/or/router.c
index 2d8208aa04..e4fa72a283 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -849,7 +849,12 @@ init_keys(void)
 if (init_keys_common() < 0)
 return -1;
 /* Make sure DataDirectory exists, and is private. */
- if (check_private_dir(options->DataDirectory, CPD_CREATE, options->User)) {
+ cpd_check_t cpd_opts = CPD_CREATE;
+ if (options->DataDirectoryGroupReadable)
+ cpd_opts |= CPD_GROUP_READ;
+ if (check_private_dir(options->DataDirectory, cpd_opts, options->User)) {
+ log_err(LD_OR, "Can't create/check datadirectory %s",
+ options->DataDirectory);
 return -1;
 }
 /* Check the key directory. */
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index 51802b15e5..e20787123e 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -785,8 +785,11 @@ load_ed_keys(const or_options_t *options, time_t now)
 if (options->command == CMD_KEYGEN)
 flags |= INIT_ED_KEY_TRY_ENCRYPTED;
- /* Check the key directory */
- if (check_private_dir(options->DataDirectory, CPD_CREATE, options->User)) {
+ /* Check/Create the key directory */
+ cpd_check_t cpd_opts = CPD_CREATE;
+ if (options->DataDirectoryGroupReadable)
+ cpd_opts |= CPD_GROUP_READ;
+ if (check_private_dir(options->DataDirectory, cpd_opts, options->User)) {
 log_err(LD_OR, "Can't create/check datadirectory %s",
 options->DataDirectory);
 goto err; |
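Review bot: The unchanged comment above the new check in init_keys (src/or/router.c) still says the directory "is private", which is no longer accurate once `CPD_GROUP_READ` is added for DataDirectoryGroupReadable. I would reword it to `/* Make sure DataDirectory exists, and is private unless DataDirectoryGroupReadable permits group read. */` so a later reader does not assume owner-only permissions here. The three lines that build `cpd_opts` are repeated verbatim in load_ed_keys in src/or/routerkeys.c; a small shared helper that returns the flags from `options` would keep the two call sites from drifting apart. init_keys starts and ends outside this hunk.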
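Review bot: The reworded comment in load_ed_keys (src/or/routerkeys.c), `/* Check/Create the key directory */`, names a different directory than the call checks, since the path passed to check_private_dir is `options->DataDirectory`. Because that directory can now be group-readable, the comment should say so and note where key material is protected, for example `/* Check/create the DataDirectory; it may be group-readable, so key files must rely on the keys directory and their own modes. */`. Whether the keys subdirectory is checked separately without `CPD_GROUP_READ` is not visible in this hunk and is worth confirming. load_ed_keys starts and ends outside the hunk.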