CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site

This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Developer Discussion (Moderator: Donald Lobo) »
  • image file permissions on secure system
Pages: [1]

Author Topic: image file permissions on secure system  (Read 801 times)

fen

  • I post frequently
  • ***
  • Posts: 216
  • Karma: 13
    • CivicActions
  • CiviCRM version: 3.3-4.3
  • CMS version: Drupal 6/7
  • MySQL version: 5.1/5.5
  • PHP version: 5.3/5.4
image file permissions on secure system
September 27, 2011, 11:53:21 am
Our servers run OWL, a secure distribution of GNU/Linux from Openwall, which by default sets new file permissions to 0600.  This works fine for just about everything, except (it seems) profile images.  Most uploads (such as file attachments) are downloaded as a stream, not directly from the file structure.  The webserver has read permission, so it can open the stream and the download works.  The problem is that for profile images, CiviCRM embeds the path for those straight into the img src, which doesn't pass through CiviCRM's download stream.

Drupal gets around this in file_copy() with explicitly setting file uploads to 0664 (0644 would be good enough for our case).  I think this would require a patch to core but I'm not sure where to look.  Can someone point me to the right place?  And would a patch for this case make it back into the core tree?

Thanks to @aharris for pointing this out to me.

Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Developer Discussion (Moderator: Donald Lobo) »
  • image file permissions on secure system

This forum was archived on 2017-11-26.