Bug #27721

Permissions of uploaded resources not correct

Added by Karsten Dambekalns about 10 years ago. Updated over 9 years ago.

Status:
Needs Feedback
Priority:
Should have
Category:
Resource
Target version:
-
Start date:
2011-06-27
Due date:
% Done:

0%

Estimated time:
PHP Version:
Has patch:
No
Complexity:

Description

The permissions are not correct and furthermore the setgid bit doesn't have any effect.

#1

Updated by Karsten Dambekalns about 10 years ago

  • Status changed from New to Needs Feedback
  • Assignee set to Karsten Dambekalns

The use of move_uploaded_file() obviously "creates" a new file at the target, that's why the setgid bit is effective. With rename() the file is moved "together" with it's group, so no setgid bit taking effect (also not using plain mv in a shell).

The question now is, do we want to add a group and/or permission setting for files created by FLOW3 to use chgrp() and chmod() to set accordingly?

#2

Updated by Karsten Dambekalns almost 10 years ago

  • Target version deleted (1230)
#4

Updated by Karsten Dambekalns almost 10 years ago

  • Has patch set to No

Robert, any strong emotions about this one?

#5

Updated by Robert Lemke almost 10 years ago

Hmm, would copy + unlink be a feasible workaround?

#6

Updated by Bastian Waidelich over 9 years ago

  • Subject changed from Permissiosn of uploaded resources not correct to Permissions of uploaded resources not correct
#7

Updated by Christian Müller over 9 years ago

Isn't the current state enough with calling fixFilePermissions after move_uploaded_file()

#8

Updated by Karsten Dambekalns over 9 years ago

Christian Mueller wrote:

Isn't the current state enough with calling fixFilePermissions after move_uploaded_file()

No, because that only does a chmod() but move_uploaded_file() "ignores" the setgid bit, as I pointer out above. What would be more interesting is if we ignore this, document it somehow and can live with ACLs - because it should work fine.

Also available in: Atom PDF