Django

Code

Ticket #8454 (closed: fixed)

Opened 3 months ago

Last modified 3 months ago

uploaded file permissions vary based on handler

Reported by: dcwatson Assigned to: nobody
Milestone: 1.0 Component: File uploads/storage
Version: SVN Keywords: file upload permission mode
Cc: Triage Stage: Accepted
Has patch: 1 Needs documentation: 0
Needs tests: 0 Patch needs improvement: 0

Description

As mentioned a few times in #2070, uploaded files large enough to be streamed to a temporary file get created with a mode of 0600, as per python's tempfile.mkstemp. This causes two problems:

  1. Files uploaded into memory and saved to disk respect the umask, so uploads could have different permissions based on how big they are.
  2. If the webserver user and django user do not match (such as when running an external FastCGI process), the webserver can no longer serve uploaded files.

Attached is a patch that implements a FILE_UPLOAD_PERMISSIONS setting. Right now, it defaults to the current behavior (leaving the permissions alone).

Discussion (or lack thereof) here:

http://groups.google.com/group/django-developers/browse_frm/thread/e7d7ca62b9f6d331

The inconsistency seems like a bug to me, so marking as 1.0.

Attachments

8454.diff (2.1 kB) - added by dcwatson on 08/20/08 14:08:59.

Change History

08/20/08 14:08:59 changed by dcwatson

  • attachment 8454.diff added.

08/21/08 13:19:23 changed by anonymous

  • needs_better_patch changed.
  • needs_tests changed.
  • needs_docs changed.

08/24/08 12:11:44 changed by jacob

  • stage changed from Unreviewed to Accepted.

08/26/08 01:33:56 changed by julien

I like the approach taken in the proposed patch. But I think it should be made clear, both in the doc and in the constant's name (FILE_UPLOAD_PERMISSIONS), that this only applies to the standard file system (FileSystemStorage).

08/27/08 17:21:15 changed by jacob

  • status changed from new to closed.
  • resolution set to fixed.

(In [8640]) Fixed #8454: added a FILE_UPLOAD_PERMISSIONS setting to control the permissoin of files uploaded by the built-in file storage system. Thanks, dcwatson.

Add/Change #8454 (uploaded file permissions vary based on handler)




Change Properties
Action