Opened 6 years ago
Closed 6 years ago
#29163 closed Uncategorized (duplicate)
When uploading, if file size is greater than the FILE_UPLOAD_MAX_MEMORY_SIZE, the permissions of the file on disk is screwed up.
| Reported by: | Jibin | Owned by: | nobody |
|---|---|---|---|
| Component: | File uploads/storage | Version: | 2.0 |
| Severity: | Release blocker | Keywords: | TemporaryFileUploadHandler |
| Cc: | jibin.john@… | Triage Stage: | Unreviewed |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
I have Nginx+Gunicorn server with Django running on Ubuntu 16.04 LTS. I have a 'media' folder with appropriate ACL and umask setup. When uploading, if file size is less than FILE_UPLOAD_MAX_MEMORY_SIZE things work as expected.
getfacl sample.ipa # file: sample.ipa # owner: nobody # group: nogroup user::rw- group::rwx #effective:-w- mask::-w- other::r--
But when the file size is larger than FILE_UPLOAD_MAX_MEMORY_SIZE, the permissions get screwed up. See the difference in 'mask' and 'other' permissions. Since 'other' cannot read the file, Django returns "403 Forbidden"
getfacl sample.ipa # file: sample.ipa # owner: nobody # group: nogroup user::rw- group::rwx #effective:--- mask::--- other::---
If you increase FILE_UPLOAD_MAX_MEMORY_SIZE to greater than the actual file size, the issue is solved.
Could be a problem related to TemporaryFileUploadHandler.
Change History (3)
comment:1 by , 6 years ago
comment:3 by , 6 years ago
| Resolution: | → duplicate |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
Is it a duplicate of #28540?