Hi Juan, Thanks for your detailed examination and report. The best way to proceed is definitely to create a ticket in trac: https://code.djangoproject.com/newticket .
Then, if you are willing and like to become a contributor, you can either add a patch or create a pull request on github. Thanks for your work! Wim On Sunday, 30 June 2013 18:13:59 UTC+2, gilberto dos santos alves wrote: > > yes. i agree. my tests in hostgator.com shared host show this. tests > in my ubuntu 12.04 amd64 shows same problem. using django 1.5 and > 1.6a, 16b. > > 2013/6/30 Juan Luis Boya <ntr...@gmail.com <javascript:>>: > > They talk about there was a os.umask(0) and they created that option in > > order to change it. > > > > But I would like to know then, why was that `os.umask(0)` there in the > first > > place? What was it purpose? > > > > On the other hand there is the confusion this option brings. Many people > > think the option is intended to set the socket umask. Just in that bug > > report there is a user saying "umask=0111 creates a socket with > umask...". > > Even Django documentation recommends you to use separate users for > increased > > security and tells you to set umask argument in order for them to > > communicate. > > > > These are wrong! Setting that umask does not only not work if runfcgi is > not > > daemonized, but also gives write permissions to all files created by > Django > > to any user in its group (often the web server), potentially breaking > > isolation with other applications (i.e. PHP scripts being run as the > server > > user). > > > > - Juan Luis > > > > -- > > You received this message because you are subscribed to the Google > Groups > > "Django developers" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to django-develop...@googlegroups.com <javascript:>. > > To post to this group, send email to > > django-d...@googlegroups.com<javascript:>. > > > Visit this group at http://groups.google.com/group/django-developers. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > > > -- > gilberto dos santos alves > +55.11.98646-5049 > sao paulo - sp - brasil > -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers. For more options, visit https://groups.google.com/groups/opt_out.
