Opened 5 years ago
Closed 5 years ago
#31921 closed Bug (fixed)
Python 3.7: new behavior of os.makedirs breaks FileSystemStorage permissions on intermediate directories
| Reported by: | WhiteSage | Owned by: | Mariusz Felisiak |
|---|---|---|---|
| Component: | File uploads/storage | Version: | 2.2 |
| Severity: | Release blocker | Keywords: | python3.7 makedirs permissions |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
From the python os library documentation (https://docs.python.org/3/library/os.html), regarding os.makedirs:
Changed in version 3.7: The mode argument no longer affects the file permission bits of newly-created intermediate-level directories.
As FileSystemStorage._save() directly calls os.makedirs all intermediate folders will be created with 777 permissions, ignoring the directory_permissions_mode member field.
Steps to reproduce:
django-admin startproject bugreport
Append to settings.py
STATIC_ROOT = BASE_DIR / 'static' FILE_UPLOAD_DIRECTORY_PERMISSIONS = 0o750
Call
python manage.py collectstatic
Intermediate folders such as static/admin will have permissions 777.
Note: python version at least 3.7 is required!
Could have security implications when running on a production server.
Change History (4)
comment:1 by , 5 years ago
| Severity: | Normal → Release blocker |
|---|---|
| Triage Stage: | Unreviewed → Accepted |
| Version: | 3.1 → 2.2 |
comment:2 by , 5 years ago
It is not true that intermediate folders will have permissions 777. The current user umask will still apply, so on my system, intermediate directories are created with 755 permissions.
comment:3 by , 5 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:4 by , 5 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Thanks.
Security issues should be reported privately via security@…