The file_check_directory does a chmod on the directory that is created.
line 105 in includes/file.inc: @chmod($directory, 0775); // Necessary for non-webserver users.
In our case this raises a problem because we installed drupal on a loadbalanced environment wich has mutliple users that can create folders.
If user a created the folder user b cannot create files in his folder because the sticky bit is lost. In our case de chmod should be @chmod($directory, 2775);.
It would be nice if there was a setting in the settings.php wich could control the chmod.
I filed this as an bug because in our case this gives us big problems and drupal 5 didn't had the problem.

Comments

Bèr Kessels’s picture

Bèr Kessels commented

Also note, that if the problem does not occur when we create the directories by hand. This only is a problem for directories that are created on the fly by Drupal, such as the CSS dir created when CSS-aggregation is enabled.

foxfabi’s picture

foxfabi commented

first i search in drupal 6.12 (core) for chmod calls with command:

 $find . -name "*.*" | grep -lir "chmod" *

I found following results:

 includes/file.inc
  105       @chmod($directory, 0775); // Necessary for non-webserver users.
  117     if (($mode & FILE_MODIFY_PERMISSIONS) && @chmod($directory, 0775)) {
  131       chmod($directory .'/.htaccess', 0664);
  267     @chmod($dest, 0664);

 includes/install.inc
  600   if (@chmod($file, $mod)) {

 modules/system/system.install
  189     @chmod($directory, 0775); // Necessary for non-webserver users.

 modules/color/color.module
  449   @chmod($file, 0664);
  507     @chmod(realpath($image), 0664);

In order to set the sticky bit on a file one must use '01777' (oct) and not '1777' (dec) as the parameter to chmod: See http://ch.php.net/chmod

<?php
    chmod("file",01777);   // correct
    chmod("file",1777);    // incorrect, same as chmod("file",01023), causing no owner permissions!
?>

With PHP 5.1.2 chmod takes off sticky bit from directory. See http://bugs.php.net/bug.php?id=37191

To fix you should try something like this: diff file.inc

105,111c105
<       !defined('S_ISVTX') && define('S_ISVTX', 0001000); // sticky bit
<       $fstat = stat($directory);
<       if(($fstat['mode'] & S_ISVTX) == 0001000) {
<          @chmod($directory, 01775); // Necessary for non-webserver users with sticky bit
<       } else {
<          @chmod($directory, 0775); // Necessary for non-webserver users.
<       }
---
>       @chmod($directory, 0775); // Necessary for non-webserver users.

hope this help.

miechiel’s picture

miechiel commented

Thanks for the reply foxabi.
I already fixed this with a chmod to 02775 wich is the proper setting for the sticky bit in our case.
But the issue is that we don't want to hack/patch our core drupal instalation. It would be nice if there would be a setting to set default folder permissions instead of @chmod($directory, 02775); // Necessary for non-webserver users.

But even more if drupal does not perform the chmod on the created folder the folder should inherit its permissions based on the main folder. In our case with the sticky bit.

dpearcefl’s picture

dpearcefl commented
Status: Active » Postponed (maintainer needs more info)

Is this still an active issue for you?

miechiel’s picture

miechiel commented

Yes this remains active. I made a patch for our specific setup. But i think it would be nice to fix this in core with an extra setting on the file systen in the admin interface.
I will work on a patch to fix this.

dpearcefl’s picture

dpearcefl commented
Status: Postponed (maintainer needs more info) » Needs work

Thanks!

miechiel’s picture

miechiel commented
Status: Needs work » Closed (fixed)

Works in d7 with the variable_get function so can be set in settings.php.

function drupal_chmod($uri, $mode = NULL) {
 if (!isset($mode)) {
    if (is_dir($uri)) {
      $mode = variable_get('file_chmod_directory', 0775);
    }
    else {
      $mode = variable_get('file_chmod_file', 0664);
    }
  }

In our case we are adding following settings:

$conf['file_chmod_directory'] = 02775;