Active
Project:
Fileshare
Version:
4.7.x-1.x-dev
Component:
File management
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
6 Sep 2006 at 20:01 UTC
Updated:
12 Dec 2007 at 20:49 UTC
Sub directories "documents" + "_previews", created inside of the files directory, are created with owner being the web server (99) rather then the user (on a server with suexec enabled), resulting in the user unable to delete these directories.
No other modules that I've tested do this, so I was wondering if this is necessary. I have to ask my host to delete these for me. If this is intended + necessary for security, then I suppose this is not a bug report.
Comments
Comment #1
ljjbrosens commentedI also had the problem that i could not delete files belonging to userID apache.
I solved this problem with a tiny php program called filethingie.
It delets all files and directories and can be installed in public_html easily and safe if protected when not in use with 644.
Do this help you?
http://www.solitude.dk/filethingie/
Leo
Comment #2
weibeln commentedHello!
It is now hours that I am trying to solve this same problem ... Did you solve it?
The main issue is that I can't create a fileshare...
If I want to create a new fileshare called "upload" in the "files" folder (I give "files" as Node base path) Drupal creates the directory files/uploadxxx (e.g. files/upload128) but then the fileshare creation process is blocked and I get the error message:
DIRECTORY ERROR - please check "files/upload128/_previews".
The newly created directory "upload128" is owned by the user "apache" and have these permissions: rwx rwx r-x
Any idea how to solve this?!
Thanks a lot
Nadir
Comment #3
JamieR commentedThe directory permissions are being set to 2775 by fileshare. That's my understanding of how they should be set. Here is where they are set - line 283:
There is the possibility of course to add a folder chmod permissions setting to the nodes... but would that be a good thing? I would think a lot of people wouldn't know what to do with that.... I guess I could have it default ...
Thoughts?
Jamie.
Comment #4
remy lebeau-1 commentedI'm experiencing something similar, where the permissions for the folder are being set as the appache web server, rather than user, and so I am unable to upload files into the folder manually through FTP! This is a pain as I want to upload files larger than 4mb (which is the limit through php)!
Has there been any further suggestions as to a fix for this?
Would it be possible to configure the module so that you can simply browse an existing folder, rather than always creating a new one? That would enable to me upload a folder with files, and then simply point fileshare to that, rather than fileshare creating a new folder!
Comment #5
dboune commentedI think that the reason for the 2775 is to allow the use of FTP to upload files into that directory. The '2' represents setgid (Set GroupID).
If the location for the 'files' directory has its owner set to the apache user (www-data on debian*) and the group set to a group that your FTP users belong to (say 'fsuser' for this example)..
When a directory or file is created under files/ it will receive the user permissions of the process creating that object, and the group of the parent folder:
Given a umask of 002
In this way apache has full permission to the tree, and a local (or ftp) user can still manage the files without the use of root or evil su tricks.
Depending on how things happenend and who ended up with owner and group at what level, this could adversely affect the behavior of the module.
If my thinking is correct, there may be situations where 2775 is appropriate in a suexec environment, but not everyone will have the level of control at the OS level needed to take advantage of this in the same way.
I think the addition of a perms config would resolve the situation, but at what granularity? I think only three or four possible options; root only, share, directory, and file. I would also assume the need for a configurable set of defaults in the case where users are allowed to create fileshares. A way of hiding the added "advanced" bits might be desireable as well.
Any thoughts?
Comment #6
buggs_moran commentedHas there been any resolution to this issue?
Comment #7
dboune commented@buggs_moran:
It's not likely that anything much will be done..
In the case that PHP runs as the apache user, just like with any other file storage operating in drupal, files will end up with permissions based on apache's user/group. The best thing you can do in this situation is use the set group flag on the files folder.
I the case that PHP runs as the user (suexec), this *should* work, files should not be owned as apache, and in fact it would be impossible for this to happen unless something either isn't working as expected.
My best suggestion is to read post 5 above, insure you know what user PHP runs as, and find a solution that will best work for you.