id: 30004
summary: Set default FILE_UPLOAD_PERMISSION to 0o644.
reporter: Evgeny Arshinov
owner: Himanshu Lakhara
type: Cleanup/optimization
status: closed
component: File uploads/storage
version: dev
severity: Normal
resolution: fixed
keywords:
cc:
stage: Ready for checkin
has_patch: 1
needs_docs: 0
needs_tests: 0
needs_better_patch: 0
easy: 0
ui_ux: 0

description:

Hello,

As far as I can see, the [https://docs.djangoproject.com/en/2.1/topics/http/file-uploads/ File Uploads] documentation page does not mention any permission issues.

What I would like to see is a warning that in absence of explicitly configured `FILE_UPLOAD_PERMISSIONS`, the permissions for a file uploaded to `FileSystemStorage` might not be consistent depending on whether a `MemoryUploadedFile` or a `TemporaryUploadedFile` was used for temporary storage of the uploaded data (which, with the default FILE_UPLOAD_HANDLERS, in turn depends on the uploaded data size).

The `tempfile.NamedTemporaryFile` + `os.rename` sequence causes the resulting file permissions to be 0o0600 on some systems (I experience it here on CentOS 7.4.1708 and Python 3.6.5). In all probability, the implementation of Python's built-in `tempfile` module explicitly sets such permissions for temporary files due to security considerations.

I found mentions of this issue [https://github.com/divio/django-filer/issues/1031 on GitHub], but did not manage to find any existing bug report in Django's bug tracker.
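
The inconsistency described in this ticket, reproduced with the standard library only. This is an added example, not Django's code or the reporter's: the function names are hypothetical, and it assumes a POSIX system and a umask of 0o022.

```python
import os
import stat
import tempfile


def save_small_upload(dest, data):
    """In-memory path: create the destination directly (mode 0o666 & ~umask)."""
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def save_large_upload(dest, data):
    """Temp-file path: NamedTemporaryFile + os.rename keeps the temp file's mode."""
    tmp = tempfile.NamedTemporaryFile(dir=os.path.dirname(dest), delete=False)
    with tmp:
        tmp.write(data)
    os.rename(tmp.name, dest)


def mode_of(path):
    """Return only the permission bits of a file."""
    return stat.S_IMODE(os.stat(path).st_mode)


def compare_modes(upload_permissions=None):
    """Store one file via each path and return (small_mode, large_mode).

    upload_permissions stands in for an explicitly configured permission
    setting: when given, both files are chmod'ed to it after saving.
    """
    old_umask = os.umask(0o022)  # assumed umask, restored afterwards
    try:
        with tempfile.TemporaryDirectory() as d:
            small = os.path.join(d, "small.bin")
            large = os.path.join(d, "large.bin")
            save_small_upload(small, b"x")           # constructed sample data
            save_large_upload(large, b"x" * 1024)    # constructed sample data
            if upload_permissions is not None:
                os.chmod(small, upload_permissions)
                os.chmod(large, upload_permissions)
            return mode_of(small), mode_of(large)
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    print("no explicit mode:", [oct(m) for m in compare_modes()])
    print("explicit 0o644:  ", [oct(m) for m in compare_modes(0o644)])
```

Without an explicit mode, the directly created file follows the umask while the renamed temporary file stays owner-only; applying one mode after saving makes both paths agree.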