Hi Juan, Thanks for your detailed examination and report. The best way to proceed is definitely to create a ticket in trac: https://code.djangoproject.com/newticket .
Then, if you are willing and like to become a contributor, you can either add a patch or create a pull request on github. Thanks for your work! Wim On Sunday, 30 June 2013 18:13:59 UTC+2, gilberto dos santos alves wrote: > > yes. i agree. my tests in hostgator.com shared host show this. tests > in my ubuntu 12.04 amd64 shows same problem. using django 1.5 and > 1.6a, 16b. > > 2013/6/30 Juan Luis Boya <[email protected] <javascript:>>: > > They talk about there was a os.umask(0) and they created that option in > > order to change it. > > > > But I would like to know then, why was that `os.umask(0)` there in the > first > > place? What was it purpose? > > > > On the other hand there is the confusion this option brings. Many people > > think the option is intended to set the socket umask. Just in that bug > > report there is a user saying "umask=0111 creates a socket with > umask...". > > Even Django documentation recommends you to use separate users for > increased > > security and tells you to set umask argument in order for them to > > communicate. > > > > These are wrong! Setting that umask does not only not work if runfcgi is > not > > daemonized, but also gives write permissions to all files created by > Django > > to any user in its group (often the web server), potentially breaking > > isolation with other applications (i.e. PHP scripts being run as the > server > > user). > > > > - Juan Luis > > > > -- > > You received this message because you are subscribed to the Google > Groups > > "Django developers" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > To post to this group, send email to > > [email protected]<javascript:>. > > > Visit this group at http://groups.google.com/group/django-developers. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > > > -- > gilberto dos santos alves > +55.11.98646-5049 > sao paulo - sp - brasil > -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. For more options, visit https://groups.google.com/groups/opt_out.
