Opened 10 months ago

Last modified 5 months ago

#28540 new Cleanup/optimization

Document changes to file upload permissions in Django 1.11

Reported by: Yaroslav Demidenko Owned by: nobody
Component: Documentation Version: 1.11
Severity: Normal Keywords: ImageField, save, permissions
Cc: Simen Heggestøyl, Keryn Knight Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Tim Graham)

This bug find in prod server (nginx, supervisor + gunicorn)

I have models: MainModel() and

SubModel(models.Model):
    main_id = FK(MainModel)
    im1 = ImageField()
    im2 = ImageField()
    im3 = ImageField()

When I fill SubModel object in admin (as InlineAdmin) and click save button, all images are saved, but permissions == 0600.
If I fill any two imgs (or one), all is well.
Django 1.10.5 - this bug not found.

Sorry for my English.

Change History (9)

comment:1 Changed 10 months ago by Tim Graham

Description: modified (diff)

Have you set settings.FILE_UPLOAD_PERMISSIONS? Can you reproduce the problem in a non-production environment? It's unclear if someone could reproduce the problem based on the little information you provided. Can you provide a minimal sample project that reproduces the issue? Can you bisect the regression to determine where the behavior changed?

comment:2 Changed 10 months ago by Tim Graham

Resolution: needsinfo
Status: newclosed

comment:3 Changed 7 months ago by Xavier Ordoquy

Been hitting the same issue although it's somewhat inconsistent. Some context:

  • Only have one FileField on the model.
  • So far, it's been happening and reproduced on production with only one file (24 uploaded files)

We'll set FILE_UPLOAD_PERMISSIONS and see if that fixes the issue.

Meanwhile, here's the raw unedited model. I don't think it has anything fancy and no signal:

@python_2_unicode_compatible
class Livret(models.Model):
    bDisplay = models.BooleanField("Utilisé ce semestre", default=True)
    nom = models.CharField(_("Nom"), max_length=255, blank=False, null=False)
    file = models.FileField(_("Fichier"), upload_to="PDF")
    infos = models.TextField(blank=True, null=True)
    tags = TaggableManager(blank=True)
    events = models.ManyToManyField(Event, related_name='livrets', verbose_name=("Events"), blank=True)

    def __str__(self):
        return self.nom

comment:4 Changed 7 months ago by Simen Heggestøyl

Cc: Simen Heggestøyl added
Resolution: needsinfo
Status: closednew

We've hit the same issue, and I've identified f734e2d4b2fc4391a4d097b80357724815c1d414 as the offending commit.

The issue seems to be that when FILE_UPLOAD_PERMISSIONS is None, the default system permissions are used. This worked fine for us, because our system default is 644, which is what we wanted. After f734e2d4b2fc4391a4d097b80357724815c1d414 however, when the uploaded file is sufficiently large, the system's permissions for temporary files is used instead (which was 600 in our case).

Setting FILE_UPLOAD_PERMISSIONS explicitly fixes the issue, but I think this behavioral change should be mentioned in the release notes.

comment:5 Changed 7 months ago by Simon Charette

Triage Stage: UnreviewedAccepted

comment:6 Changed 7 months ago by Tim Graham

Component: File uploads/storageDocumentation
Summary: When you save three or more ImageField in admin file perm = 0o600Document changes to file upload permissions in Django 1.11
Type: BugCleanup/optimization

The behavior might also be mentioned somewhere in the file upload documentation.

comment:7 Changed 5 months ago by René Fleschenberg

Are you sure that we should consider this a documentation bug? I think it doesn't make sense to use different permissions depending on the file size.

I know I am late to the party, but just in case it is of any use, I set up a minimal project that demonstrates the issue: https://github.com/rfleschenberg/django-file-upload-bug

comment:8 Changed 5 months ago by Tim Graham

No, I'm not sure. I don't think I investigated the issue in detail.

comment:9 Changed 5 months ago by Keryn Knight

Cc: Keryn Knight added
Note: See TracTickets for help on using tickets.
Back to Top