uploaded file permissions vary based on handler
|Reported by:||Dan Watson||Owned by:||nobody|
|Severity:||Keywords:||file upload permission mode|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
- Files uploaded into memory and saved to disk respect the umask, so uploads could have different permissions based on how big they are.
- If the webserver user and django user do not match (such as when running an external FastCGI process), the webserver can no longer serve uploaded files.
Attached is a patch that implements a
FILE_UPLOAD_PERMISSIONS setting. Right now, it defaults to the current behavior (leaving the permissions alone).
Discussion (or lack thereof) here:
The inconsistency seems like a bug to me, so marking as 1.0.