[Django] #28540: When you save three or more ImageField in admin file perm = 0o600
Django
-------------------------------------+-------------------------------------
Reporter: Cotest | Owner: nobody
Type: Bug | Status: new
Component: File | Version: 1.11
uploads/storage | Keywords: ImageField, save,
Severity: Normal | permissions
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
This bug find in prod server (nginx, supervisor + gunicorn)
I have models:
MainModel() and
SubModel():
main_id = FK(MainModel)
im1 = ImageField()
im2 = ImageField()
im3 = ImageField()
When I fill SubModel object in admin (as InlineAdmin) and click save
button, all images are saved, but permissions == 0600.
If I fill any two imgs (or one), all is well.
Django 1.10.5 - this bug not found.
Sorry for my English.
--
Ticket URL: <https://code.djangoproject.com/ticket/28540>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
-------------------------------------+-------------------------------------
Type: Bug | Status: new
Component: File | Version: 1.11
uploads/storage |
Keywords: ImageField, save, | Triage Stage:
permissions | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Old description:
> This bug find in prod server (nginx, supervisor + gunicorn)
>
> I have models:
> MainModel() and
> SubModel():
> main_id = FK(MainModel)
> im1 = ImageField()
> im2 = ImageField()
> im3 = ImageField()
>
> When I fill SubModel object in admin (as InlineAdmin) and click save
> button, all images are saved, but permissions == 0600.
> If I fill any two imgs (or one), all is well.
> Django 1.10.5 - this bug not found.
>
> Sorry for my English.
New description:
This bug find in prod server (nginx, supervisor + gunicorn)
I have models: `MainModel()` and
{{{
SubModel(models.Model):
main_id = FK(MainModel)
im1 = ImageField()
im2 = ImageField()
im3 = ImageField()
}}}
When I fill `SubModel` object in admin (as InlineAdmin) and click save
button, all images are saved, but permissions == 0600.
If I fill any two imgs (or one), all is well.
Django 1.10.5 - this bug not found.
Sorry for my English.
--
Comment (by Tim Graham):
Have you set `settings.FILE_UPLOAD_PERMISSIONS`? Can you reproduce the
problem in a non-production environment? It's unclear if someone could
reproduce the problem based on the little information you provided. Can
you provide a minimal sample project that reproduces the issue? Can you
[https://docs.djangoproject.com/en/dev/internals/contributing/triaging-
tickets/#bisecting-a-regression bisect the regression] to determine where
the behavior changed?
--
Ticket URL: <https://code.djangoproject.com/ticket/28540#comment:1>
Django
-------------------------------------+-------------------------------------
Type: Bug | Status: closed
Component: File | Version: 1.11
uploads/storage |
Keywords: ImageField, save, | Triage Stage:
permissions | Unreviewed
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* status: new => closed
* resolution: => needsinfo
--
Ticket URL: <https://code.djangoproject.com/ticket/28540#comment:2>
Django
-------------------------------------+-------------------------------------
Type: Bug | Status: closed
Component: File | Version: 1.11
uploads/storage |
Keywords: ImageField, save, | Triage Stage:
permissions | Unreviewed
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Xavier Ordoquy):
Been hitting the same issue although it's somewhat inconsistent. Some
context:
- Only have one FileField on the model.
- So far, it's been happening and reproduced on production with only one
file (24 uploaded files)
We'll set `FILE_UPLOAD_PERMISSIONS` and see if that fixes the issue.
Meanwhile, here's the raw unedited model. I don't think it has anything
fancy and no signal:
{{{
@python_2_unicode_compatible
class Livret(models.Model):
bDisplay = models.BooleanField("Utilisé ce semestre", default=True)
nom = models.CharField(_("Nom"), max_length=255, blank=False,
null=False)
file = models.FileField(_("Fichier"), upload_to="PDF")
infos = models.TextField(blank=True, null=True)
tags = TaggableManager(blank=True)
events = models.ManyToManyField(Event, related_name='livrets',
verbose_name=("Events"), blank=True)
def __str__(self):
return self.nom
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28540#comment:3>
Django
-------------------------------------+-------------------------------------
Type: Bug | Status: new
Component: File | Version: 1.11
uploads/storage |
Keywords: ImageField, save, | Triage Stage:
permissions | Unreviewed
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* cc: Simen Heggestøyl (added)
* status: closed => new
* resolution: needsinfo =>
Comment:
We've hit the same issue, and I've identified
f734e2d4b2fc4391a4d097b80357724815c1d414 as the offending commit.
The issue seems to be that when `FILE_UPLOAD_PERMISSIONS` is `None`, the
default system permissions are used. This worked fine for us, because our
system default is 644, which is what we wanted. After
f734e2d4b2fc4391a4d097b80357724815c1d414 however, when the uploaded file
is sufficiently large, the system's permissions for temporary files is
used instead (which was 600 in our case).
Setting `FILE_UPLOAD_PERMISSIONS` explicitly fixes the issue, but I think
this behavioral change should be mentioned in the release notes.
--
Ticket URL: <https://code.djangoproject.com/ticket/28540#comment:4>
Django
-------------------------------------+-------------------------------------
Type: Bug | Status: new
Component: File | Version: 1.11
uploads/storage |
Keywords: ImageField, save, | Triage Stage: Accepted
permissions |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* stage: Unreviewed => Accepted
--
Ticket URL: <https://code.djangoproject.com/ticket/28540#comment:5>
Django
-------------------------------------+-------------------------------------
Reporter: Yaroslav Demidenko | Owner: nobody
Cleanup/optimization |
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: ImageField, save, | Triage Stage: Accepted
permissions |
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* component: File uploads/storage => Documentation
* type: Bug => Cleanup/optimization
Comment:
The behavior might also be mentioned somewhere in the file upload
documentation.
--
Ticket URL: <https://code.djangoproject.com/ticket/28540#comment:6>
Django
-------------------------------------+-------------------------------------
Reporter: Yaroslav Demidenko | Owner: nobody
Type: | Status: new
Cleanup/optimization |
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: ImageField, save, | Triage Stage: Accepted
permissions |
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by René Fleschenberg):
Are you sure that we should consider this a documentation bug? I think it
doesn't make sense to use different permissions depending on the file
size.
I know I am late to the party, but just in case it is of any use, I set up
a minimal project that demonstrates the issue:
https://github.com/rfleschenberg/django-file-upload-bug
--
Ticket URL: <https://code.djangoproject.com/ticket/28540#comment:7>
Django
-------------------------------------+-------------------------------------
Reporter: Yaroslav Demidenko | Owner: nobody
Type: | Status: new
Cleanup/optimization |
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: ImageField, save, | Triage Stage: Accepted
permissions |
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Tim Graham):
No, I'm not sure. I don't think I investigated the issue in detail.
--
Ticket URL: <https://code.djangoproject.com/ticket/28540#comment:8>
Django
-------------------------------------+-------------------------------------
Reporter: Yaroslav Demidenko | Owner: nobody
Type: | Status: new
Cleanup/optimization |
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: ImageField, save, | Triage Stage: Accepted
permissions |
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* cc: Keryn Knight (added)
--
Ticket URL: <https://code.djangoproject.com/ticket/28540#comment:9>
Django
-------------------------------------+-------------------------------------
Reporter: Yaroslav Demidenko | Owner: nobody
Type: | Status: new
Cleanup/optimization |
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: ImageField, save, | Triage Stage: Accepted
permissions |
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* has_patch: 0 => 1
Comment:
See [https://github.com/django/django/pull/10116 this PR] as a possible
approach.
--
Ticket URL: <https://code.djangoproject.com/ticket/28540#comment:10>
Django
-------------------------------------+-------------------------------------
Reporter: Yaroslav Demidenko | Owner: nobody
Type: | Status: new
Cleanup/optimization |
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: ImageField, save, | Triage Stage: Accepted
permissions |
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Tim Graham):
As I mentioned in the PR discussion, the new behavior seems consistent
with the
[https://github.com/django/django/commit/ff420b43647dd7f149f000efd2c7eb077f6ba5cf
original documentation] added with the introduction of the
`FILE_UPLOAD_PERMISSIONS` setting:
On most platforms, temporary files will have a mode of `0600`, and files
saved from memory will be saved using thesystem's standard umask.
By default, `MemoryFileUploadHandler` is used for files up to
`settings.FILE_UPLOAD_MAX_MEMORY_SIZE`, otherwise
`TemporaryFileUploadHandler` is used.
If we decide not to make a change (probably the discussion should move to
django-developers), then we could at least add a note to the deployment
checklist. Carlton proposed adding a system check that warns if the
`FILE_UPLOAD_PERMISSIONS` setting isn't set but that feels a bit heavy
handed as none of the open source Django projects I checked have specified
this setting so presumably it isn't a common issue.
--
Ticket URL: <https://code.djangoproject.com/ticket/28540#comment:11>
Django
-------------------------------------+-------------------------------------
Reporter: Yaroslav Demidenko | Owner: nobody
Type: | Status: new
Cleanup/optimization |
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
permissions | checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* stage: Accepted => Ready for checkin
Comment:
The [https://groups.google.com/d/topic/django-
developers/h9XbQAPv5-I/discussion django-developers discussion] about
changing the upload behavior hasn't received any replies. I'll proceed
with the documentation patches, and we can open a new ticket if there's a
later consensus to make a code change.
--
Ticket URL: <https://code.djangoproject.com/ticket/28540#comment:12>
Django
-------------------------------------+-------------------------------------
Reporter: Yaroslav Demidenko | Owner: nobody
Type: | Status: new
Cleanup/optimization |
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: ImageField, save, | Triage Stage: Ready for
permissions | checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Tim Graham <timograham@…>):
In [changeset:"ef70af77ec53160d5ffa060c1bdf5ed93322d84f" ef70af77]:
{{{
#!CommitTicketReference repository=""
revision="ef70af77ec53160d5ffa060c1bdf5ed93322d84f"
Refs #28540 -- Added FILE_UPLOAD_PERMISSIONS to deployment checklist.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28540#comment:13>
Django
-------------------------------------+-------------------------------------
Reporter: Yaroslav Demidenko | Owner: nobody
Cleanup/optimization |
Component: Documentation | Version: 1.11
Keywords: ImageField, save, | Triage Stage: Ready for
permissions | checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"89d4d412404d31ef34ae3170c0c056eff55b2a17" 89d4d412]:
{{{
#!CommitTicketReference repository=""
revision="89d4d412404d31ef34ae3170c0c056eff55b2a17"
Fixed #28540 -- Doc'd a change to file upload permissions in Django 1.11.
Behavior changed in f734e2d4b2fc4391a4d097b80357724815c1d414
(refs #27334).
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28540#comment:14>
Django
-------------------------------------+-------------------------------------
Reporter: Yaroslav Demidenko | Owner: nobody
Type: | Status: closed
Cleanup/optimization |
Component: Documentation | Version: 1.11
Severity: Normal | Resolution: fixed
Keywords: ImageField, save, | Triage Stage: Ready for
permissions | checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Tim Graham <timograham@…>):
In [changeset:"37c0a3365531815b6db5576ca18ba684cc84d12d" 37c0a336]:
{{{
#!CommitTicketReference repository=""
revision="37c0a3365531815b6db5576ca18ba684cc84d12d"
[2.1.x] Fixed #28540 -- Doc'd a change to file upload permissions in
Django 1.11.
Behavior changed in f734e2d4b2fc4391a4d097b80357724815c1d414
(refs #27334).
Backport of 89d4d412404d31ef34ae3170c0c056eff55b2a17 from master
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28540#comment:16>
Django
-------------------------------------+-------------------------------------
Reporter: Yaroslav Demidenko | Owner: nobody
Type: | Status: closed
Cleanup/optimization |
Component: Documentation | Version: 1.11
Severity: Normal | Resolution: fixed
Keywords: ImageField, save, | Triage Stage: Ready for
permissions | checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Tim Graham <timograham@…>):
In [changeset:"1e8c68ff47b3b0d255e1224f22bcdb39ae2e5d6c" 1e8c68f]:
{{{
#!CommitTicketReference repository=""
revision="1e8c68ff47b3b0d255e1224f22bcdb39ae2e5d6c"
[2.1.x] Refs #28540 -- Added FILE_UPLOAD_PERMISSIONS to deployment
checklist.
Backport of ef70af77ec53160d5ffa060c1bdf5ed93322d84f from master
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28540#comment:15>
Django
-------------------------------------+-------------------------------------
Reporter: Yaroslav Demidenko | Owner: nobody
Type: | Status: closed
Cleanup/optimization |
Component: Documentation | Version: 1.11
Severity: Normal | Resolution: fixed
Keywords: ImageField, save, | Triage Stage: Ready for
permissions | checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Tim Graham <timograham@…>):
In [changeset:"b113c6adea2e4b1759bc5dc27b6cc5cc339f633a" b113c6ad]:
{{{
#!CommitTicketReference repository=""
revision="b113c6adea2e4b1759bc5dc27b6cc5cc339f633a"
[2.0.x] Fixed #28540 -- Doc'd a change to file upload permissions in
Django 1.11.
Behavior changed in f734e2d4b2fc4391a4d097b80357724815c1d414
(refs #27334).
Backport of 89d4d412404d31ef34ae3170c0c056eff55b2a17 from master
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28540#comment:17>
Django
-------------------------------------+-------------------------------------
Reporter: Yaroslav Demidenko | Owner: nobody
Type: | Status: closed
Cleanup/optimization |
Component: Documentation | Version: 1.11
Severity: Normal | Resolution: fixed
Keywords: ImageField, save, | Triage Stage: Ready for
permissions | checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Tim Graham <timograham@…>):
In [changeset:"ceae3069ec2f0fd9f53ae901a55b4f9c985a4e78" ceae3069]:
{{{
#!CommitTicketReference repository=""
revision="ceae3069ec2f0fd9f53ae901a55b4f9c985a4e78"
[1.11.x] Fixed #28540 -- Doc'd a change to file upload permissions in
Django 1.11.
Behavior changed in f734e2d4b2fc4391a4d097b80357724815c1d414
(refs #27334).
Backport of 89d4d412404d31ef34ae3170c0c056eff55b2a17 from master
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28540#comment:18>