#8454: uploaded file permissions vary based on handler -----------------------------------------+---------------------------------- Reporter: dcwatson | Owner: nobody Status: new | Milestone: 1.0 Component: File uploads/storage | Version: SVN Keywords: file upload permission mode | Stage: Unreviewed Has_patch: 1 | -----------------------------------------+---------------------------------- As mentioned a few times in #2070, uploaded files large enough to be streamed to a temporary file get created with a mode of 0600, as per python's [http://docs.python.org/lib/module-tempfile.html tempfile.mkstemp]. This causes two problems:
1. Files uploaded into memory and saved to disk respect the umask, so uploads could have different permissions based on how big they are. 2. If the webserver user and django user do not match (such as when running an external FastCGI process), the webserver can no longer serve uploaded files. Attached is a patch that implements a `FILE_UPLOAD_PERMISSIONS` setting. Right now, it defaults to the current behavior (leaving the permissions alone). Discussion (or lack thereof) here: http://groups.google.com/group/django- developers/browse_frm/thread/e7d7ca62b9f6d331 The inconsistency seems like a bug to me, so marking as 1.0. -- Ticket URL: <http://code.djangoproject.com/ticket/8454> Django Code <http://code.djangoproject.com/> The web framework for perfectionists with deadlines --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-updates?hl=en -~----------~----~----~----~------~----~------~--~---
