id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
29537	Uploaded big files (>2621440 B) not readable by the server	fp4code	nobody	"There is a non-coherent uploading treatment between small and big files,
this can be problematic if different users are involved for main and django servers
(eg www-data for nginx and mysite for uwsgi processes).

If the file is small, the MemoryFileUploadHandler is used, file is 0o644, readable by the server.

If the file is big, the TemporaryFileUploadHandler is used, files are uploaded 0o600 in /tmp,
and moved by file_move_safe which keeps attributes. Hence the file is not readable by the www-data server.

A workaround is to define FILE_UPLOAD_PERMISSIONS=0o644,
but it should be good to have a coherent behavior,
taking into account that discovering this configuration anomaly is not immediate.



 

"	Bug	closed	File uploads/storage	1.11	Normal	duplicate			Unreviewed	0	0	0	0	0	0