#28540: Document changes to file upload permissions in Django 1.11 -------------------------------------+------------------------------------- Reporter: Yaroslav Demidenko | Owner: nobody Type: | Status: new Cleanup/optimization | Component: Documentation | Version: 1.11 Severity: Normal | Resolution: Keywords: ImageField, save, | Triage Stage: Accepted permissions | Has patch: 1 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 0 | UI/UX: 0 -------------------------------------+-------------------------------------
Comment (by Tim Graham): As I mentioned in the PR discussion, the new behavior seems consistent with the [https://github.com/django/django/commit/ff420b43647dd7f149f000efd2c7eb077f6ba5cf original documentation] added with the introduction of the `FILE_UPLOAD_PERMISSIONS` setting: On most platforms, temporary files will have a mode of `0600`, and files saved from memory will be saved using thesystem's standard umask. By default, `MemoryFileUploadHandler` is used for files up to `settings.FILE_UPLOAD_MAX_MEMORY_SIZE`, otherwise `TemporaryFileUploadHandler` is used. If we decide not to make a change (probably the discussion should move to django-developers), then we could at least add a note to the deployment checklist. Carlton proposed adding a system check that warns if the `FILE_UPLOAD_PERMISSIONS` setting isn't set but that feels a bit heavy handed as none of the open source Django projects I checked have specified this setting so presumably it isn't a common issue. -- Ticket URL: <https://code.djangoproject.com/ticket/28540#comment:11> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/064.d48d25a4b8b3f7b89b084ed755cb1a4f%40djangoproject.com. For more options, visit https://groups.google.com/d/optout.