Community & Support
Support » Post installation

How to set file access rights for uploaded images?

Posted by csteimel on January 22, 2010 at 3:29pm

Hi, I have a problem with file access rights for uploaded images.

My PHP runs as CGI under the Linux user e.g. "user1" but my Apache runs under www-user. On file upload, Drupal (running as Linux "user1") will give uploaded files the access permissions chmod 600, so only the PHP script can access the file. The web server (as Linux user "www-user") returns an "Access Denied Error".

I have looked around the Drupal admin interface but I cannot find a place to chmod uploaded files to the correct file system permissions (chmod 644 or so).

Any hints? Maybe there is a module to do that? Thanks!

Login or register to post comments Categories: ,

Comments

No ideas, anybody?

Posted by csteimel on January 23, 2010 at 3:16pm

No ideas, anybody? Is there maybe a module to issue a CHMOD 644 on every file upload?

i'm a newbie... but WebFM

Posted by marlowx on January 25, 2010 at 1:51pm

i'm a newbie...

but WebFM modules let you set some access rights in its settings, by default only person who uploaded file and admin can see files...

then there are a whole bunch of other file management modules... who's settings and how they work together are very confusing to me...

try doing a search in modules, that is what i did:
http://drupal.org/project/modules?text=file%20management

_

Posted by WorldFallz on January 25, 2010 at 3:25pm

The only thing is, at this point, i would be careful about becoming dependent on a file handling module that is not filefield based -- it replaces upload in core for d7 and a good many of these d6 modules may fall by the wayside if they don't use filefields.

_
Don't be a Help Vampire - read and abide the forum guidelines.
If you find my assistance useful, please pay it forward to your fellow drupalers.

_

Posted by WorldFallz on January 23, 2010 at 3:36pm

Not really a drupal thing, but I would think you could do it with http://php.net/manual/en/function.chmod.php -- you should be able to use the rules module to run some php after every file upload.

_
Don't be a Help Vampire - read and abide the forum guidelines.
If you find my assistance useful, please pay it forward to your fellow drupalers.

Rules does not have a file upload event.

Posted by csteimel on January 25, 2010 at 8:58am

Thanks for your reply, WorldFallz. However, the Rules module has no options for on_file_upload type of events.

Any other ideas? I don't want to create a new module for this or have a cron running every minute to chmod all uploaded files.

Should be possible. I'm the only one running PHP as CGI. Thanks for any help.

_

Posted by WorldFallz on January 25, 2010 at 10:55am

You don't say how you are uploading the files (upload or filefield), but both require the node be saved so you can use the node saved and node updated events.

_
Don't be a Help Vampire - read and abide the forum guidelines.
If you find my assistance useful, please pay it forward to your fellow drupalers.

Sorry, didnt know there are

Posted by csteimel on January 25, 2010 at 5:59pm

Sorry, didnt know there are two methods, still quite new to Drupal.

After searching (thx @marlowx for the link) I found http://drupal.org/project/umask that does the trick only for filefield uploads :(

However, I need a method for the normal files, attached to Page nodes. Thats the system file upload, I guess.

With the rules module, I got as far as /admin/rules/rules/rules_1/edit ("ON event Content is going to be saved"). There is no way to tell Drupal to exec any PHP code.

_

Posted by WorldFallz on January 25, 2010 at 6:19pm

When you add a condition or an action there should be a 'PHP - Execute custom PHP code' option -- if you're not seeing it, you may need to enable the core 'php code' module which, due to security concerns, is disabled by default iirc.

However, if the umask module works and you're not too far along, you may wish to consider switching over to filefields -- filefield has replaced the core 'upload' module for d7.

_
Don't be a Help Vampire - read and abide the forum guidelines.
If you find my assistance useful, please pay it forward to your fellow drupalers.

I think the reason that the

Posted by csteimel on January 25, 2010 at 7:22pm

I think the reason that the umask module does not work for system file uploads is, that there is no hook for that event. The "insert" or "update" calls in hook_nodeapi will not work, because files are uploaded via Ajax while editing the node text. The umask modules can only access the hook_file_insert hook, provided by filefield, but the system file upload does not provide any hook to fix the missing "chmod".

I went through includes/file.inc and finally inserted a "@chmod($file->filepath, 0664);" on line 591 (there should be one anyways, because there is one for the file_copy() and file_check_directory() functions too).

Waiting for D7, there the file handling looks great :)

Thanks for your help!

nobody click here