File upload permissions do not allow FTP or other users to read files: Patch for D6

This applies and works for me on drupal.geek.nz. I have been running a script that fixes file permissions on a cron to work around this, so this would be a very useful bug fix!

I uploaded a file without the patch, access denied. I uploaded a file with the patch; I could access it.

Just ran into the same problem. The patch successfully fixes this. The lack of activity on this bug puzzles me. Does no one use the core upload module anymore?

I have reviewed and tested this patch and it works fine here. Unless that change was a policy decision (in which case it should have been made more explicit), I think this fix could go in.

I am attaching a patch that adds comments around the chmod, copied from file_unmanaged_copy().

I am also attaching a port to HEAD of the patch, since it seems D7 also suffers from this problem.

Hum, sorry about that double D6 patch, the right one is 760 bytes.

I am fixing the issue title to reflect better the issue at hand.

Note that I noticed this issue because of another issue, in the Hostmaster project: #363282: backups failing on drupal 6 and above.

This is a duplicate of #203204: Uploaded files have the permissions set to 600.

What do we do with this patch? Are there instructions for using/installing/placing it?

Never mind. This is not related to my problem which has been solved:
http://drupal.org/node/141935#comment-1244627

Thanks, Warren

subscribing

Please import this patch as soon as possible. It cause problem too, when you running php as fastcgi daemon and apache with SuExec.
The apache serving files directly on my site, and I still need to patch the drupal core because of this bug. It's really embarrassing :S

@xmarket Please do not change the status. This has been marked as a duplicate of #203204: Uploaded files have the permissions set to 600. If you think this is still a problem, please read the other issue, and continue the discussion there.

anarcat or douggreen, could you submit your patch to #203204: Uploaded files have the permissions set to 600? I'd like to see this get attention and I think that would allow a status change on that from 'patch (to be ported)' to 'needs review' which may even allow it to get into the next security update, maybe?

While this has been marked as a duplicate of "#203204: Uploaded files have the permissions set to 600", that issue contains a patch for D7 whereas this issue contains a patch for D6.

Please do not reopen duplicate issues. Concentrate on back-porting #203204: Uploaded files have the permissions set to 600 if you want this to ever get into Drupal 6.