blob storage makes anything user-readable only
Bug #683751 reported by Bastian Blank
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ZODB | New | Undecided | Unassigned | | |
Bug Description
The blob storage makes sure that anything it touches is 0700 for the directories and 0400 and even warns if it is not. Usually it is up to the admin to decide which permissions are appropriate and a random tool should not judge him. Also, the traditional FileStorage, which handles the more problematic data, is not at all curious about any permissions.
It is enough to set the permissions of the top directory to restrict access to the whole blob storage. Therefore please only do the initial setup with 0700 and create any new directory with the umask and use 0444 for all the files. The attached patch against 3.9.6 or so implements it this way.
This came up in a StackOverflow question: http://stackoverflow.com/q/6168566/100297
That question has a workaround monkey patch that sets all blob directories to readable for the group (UNIX only).
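The description's claim that the top directory's mode alone can restrict the whole blob storage can be checked from POSIX mode bits. The following is an added example, not part of the bug report, the attached patch, or ZODB; the directory and file names are constructed, and ownership and ACLs are ignored.

```python
import os
import stat
import tempfile


def reachable_by(path, root, who="other"):
    """True if permission class `who` ('group' or 'other') can read `path`,
    judged from mode bits only: search (x) on every directory from `root`
    down to the file's parent, plus read (r) on the file itself."""
    x_bit = {"group": stat.S_IXGRP, "other": stat.S_IXOTH}[who]
    r_bit = {"group": stat.S_IRGRP, "other": stat.S_IROTH}[who]
    root, path = os.path.abspath(root), os.path.abspath(path)
    rel = os.path.relpath(os.path.dirname(path), root)
    dirs, current = [root], root
    if rel != ".":
        for part in rel.split(os.sep):
            current = os.path.join(current, part)
            dirs.append(current)
    # One directory without the search bit blocks everything beneath it.
    for d in dirs:
        if not os.stat(d).st_mode & x_bit:
            return False
    return bool(os.stat(path).st_mode & r_bit)


def build_layout(top_mode):
    """Constructed sample tree: permissive inner directories (0755) and a
    0444 file, as the report proposes, under a top directory of `top_mode`."""
    top = os.path.join(tempfile.mkdtemp(), "blobs")
    leaf_dir = os.path.join(top, "0x00", "0x01")  # constructed names
    os.makedirs(leaf_dir)
    blob = os.path.join(leaf_dir, "data.blob")
    with open(blob, "wb") as f:
        f.write(b"constructed sample payload")
    os.chmod(blob, 0o444)
    os.chmod(leaf_dir, 0o755)
    os.chmod(os.path.join(top, "0x00"), 0o755)
    os.chmod(top, top_mode)
    return top, blob


if __name__ == "__main__":
    for mode in (0o700, 0o750, 0o755):
        top, blob = build_layout(mode)
        print(oct(mode),
              "group:", reachable_by(blob, top, "group"),
              "other:", reachable_by(blob, top, "other"))
```

With the top directory at 0700, neither group nor other can reach the 0444 file even though every inner directory is 0755; opening the top directory to 0750 or 0755 is what actually widens access.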