Changes between Initial Version and Version 1 of Ticket #30004, comment 18
Timestamp: Feb 7, 2019, 3:10:19 AM (6 years ago)
Ticket #30004, comment 18 (initial vs. v1)

Line 6 (unchanged):
Consider the following scenario. We have a Django application which allows a user to upload pictures. Let's say this app runs in a process-A running as some system user-1. Now we have another process-B which modifies this image in place(maybe removing colors that the human eye cannot recognize or shrinking the image etc.). This image manipulation process is run as some other system user-2.

Line 8, initial version:
Now in order for process B to modify these images, we would require to set FILE_UPLOAD_PERMISSIONS to '0o646'(assuming process-B is other than group).

Line 8, version 1:
Now in order for process B to modify these images, we would require to set FILE_UPLOAD_PERMISSIONS to '0o646'(assuming process-B is running as some other user than file's own group).

Line 10 (unchanged):
I understand this is not a great way to do such manipulation. We probably want to do this in a different way by making a copy original image before process-B modifies it. This is just an example.
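As an added illustration (not part of the ticket comment and not Django's code), the sketch below models POSIX owner/group/other class selection for the scenario in the comment and shows which accounts can write an uploaded file under 0o646. The uids, gids, the extra "unrelated" account and the 0o644 and 0o664 comparison modes are constructed assumptions; root's override and ACLs are not modelled.

```python
import stat

# Constructed identities for the scenario (all numeric ids are assumptions).
USER_1 = {"uid": 1001, "gids": {1001}}                 # process-A, owns the upload
USER_2 = {"uid": 1002, "gids": {1002}}                 # process-B, not in file's group
USER_2_IN_GROUP = {"uid": 1002, "gids": {1002, 1001}}  # process-B added to file's group
UNRELATED = {"uid": 1003, "gids": {1003}}              # any other local account

PROCS = {
    "user-1": USER_1,
    "user-2": USER_2,
    "user-2 (in file group)": USER_2_IN_GROUP,
    "unrelated": UNRELATED,
}


def can_write(mode, file_uid, file_gid, proc):
    """Apply POSIX class selection: exactly one of owner/group/other is used,
    checked in that order. A group member never falls through to 'other'."""
    if proc["uid"] == file_uid:
        return bool(mode & stat.S_IWUSR)
    if file_gid in proc["gids"]:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def who_can_write(mode, file_uid=1001, file_gid=1001):
    """Map each constructed account to whether it may write a file with `mode`."""
    return {name: can_write(mode, file_uid, file_gid, p) for name, p in PROCS.items()}


if __name__ == "__main__":
    for mode in (0o644, 0o646, 0o664):
        print(oct(mode), stat.filemode(stat.S_IFREG | mode), who_can_write(mode))
```

With 0o646 the write bit that admits user-2 also admits every other local account, and a process that belongs to the file's group is read-only; 0o664 with a shared group limits writes to user-1 and group members.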