Feature #61885

Make TYPO3 work with filesystem ACLs

Added by Jost Baron over 5 years ago. Updated almost 2 years ago.

Should have
Target version:
Start date:
Due date:
% Done:


PHP Version:
Sprint Focus:


Currently, there are some problems when using ACLs. One of these comes from the use of the PHP function move_uploaded_file(), see https://bugs.php.net/bug.php?id=65057 .

Since ACLs are a nice tool that makes a lot of headaches go away, it would be really nice to support them.



#1 Updated by Frank Naegler over 5 years ago

  • Status changed from New to Needs Feedback

please can you provide some more information about the ACL stuff?
What kind of ACL do you mean? If I understand it correctly, this a unix special implementation?

#2 Updated by Jost Baron over 5 years ago

Hi Frank,

I mean the ACLs described here as "Filesystem ACLs": http://en.wikipedia.org/wiki/Access_control_list - the german article is a bit more detailed.

The problem which lead to this issue, is that I have set owner and group of typo3temp to some arbitrary user (e.g. root, or a user used for deployment), and then added access rights for other users (www-data, php) using ACL default values (which define permissions added for newly created files in that directory).

In that scenario some things stop to work, among them the move_uploaded_file() function, used in GeneralUtility. It removes all permissions on the moved file, except the ones for owner and group.

#3 Updated by Jost Baron over 5 years ago

Just to clarify what I want:

Usually, the usage of ACLs should be transparent to PHP or the webserver. But in the specific case of move_uploaded_file(), it isn't - the solution would be to replace usages of that function, using rename() or something. That should do it in this case. But maybe there are more places where ACLs are not supported, thus the general title of the ticket.

#4 Updated by Alexander Opitz about 5 years ago

  • Status changed from Needs Feedback to New

#5 Updated by Mathias Schreiber almost 2 years ago

maybe I got this all wrong, but isn't this just about not using move_uploaded_file and using rename instead?

Also available in: Atom PDF