Opened 4 years ago
Closed 4 years ago
#31921 closed Bug (fixed)
Python 3.7: new behavior of os.makedirs breaks FileSystemStorage permissions on intermediate directories
Reported by: | WhiteSage | Owned by: | Mariusz Felisiak |
---|---|---|---|
Component: | File uploads/storage | Version: | 2.2 |
Severity: | Release blocker | Keywords: | python3.7 makedirs permissions |
Cc: | Triage Stage: | Accepted | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
From the python os library documentation (https://docs.python.org/3/library/os.html), regarding os.makedirs:
Changed in version 3.7: The mode argument no longer affects the file permission bits of newly-created intermediate-level directories.
As FileSystemStorage._save() directly calls os.makedirs all intermediate folders will be created with 777 permissions, ignoring the directory_permissions_mode member field.
Steps to reproduce:
django-admin startproject bugreport
Append to settings.py
STATIC_ROOT = BASE_DIR / 'static' FILE_UPLOAD_DIRECTORY_PERMISSIONS = 0o750
Call
python manage.py collectstatic
Intermediate folders such as static/admin will have permissions 777.
Note: python version at least 3.7 is required!
Could have security implications when running on a production server.
Change History (4)
comment:1 by , 4 years ago
Severity: | Normal → Release blocker |
---|---|
Triage Stage: | Unreviewed → Accepted |
Version: | 3.1 → 2.2 |
comment:2 by , 4 years ago
It is not true that intermediate folders will have permissions 777
. The current user umask will still apply, so on my system, intermediate directories are created with 755
permissions.
comment:3 by , 4 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:4 by , 4 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Thanks.
Security issues should be reported privately via security@…