blob storage makes anything user-readable only

Bug #683751 reported by Bastian Blank on 2010-12-01
This bug affects 4 people
Affects Status Importance Assigned to Milestone
ZODB
Undecided
Unassigned

Bug Description

The blob storage makes sure that anything it touches is 0700 for the directories and 0400 and even warns if it is not. Usually it is up to the admin to decide which permissions are appropriate, and a random tool should not judge him. Also, the traditional FileStorage, which handles the more problematic data, is not at all curious about any permission.
It is enough to set the permissions of the top directory to restrict access to the whole blob storage. Therefore, please only do the initial setup with 0700 and create any new directory with the umask and use 0444 for all the files. The attached patch against 3.9.6 or so implements it this way.
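
The claim in the description that the top directory's mode decides who can reach the whole tree can be checked with a small audit script. This is an added example, not part of the bug report, its patch or ZODB; the directory and file names and the function names are constructed, and only POSIX mode bits (no ACLs, no ancestors above the audited root) are considered.

```python
import os
import stat
import tempfile

def reachable_by(root, who):
    """List files under root that class `who` ('group' or 'other') can read.
    A directory without the search (x) bit for that class seals everything below it."""
    x_bit = {"group": stat.S_IXGRP, "other": stat.S_IXOTH}[who]
    r_bit = {"group": stat.S_IRGRP, "other": stat.S_IROTH}[who]
    found = []

    def walk(path):
        mode = os.lstat(path).st_mode
        if stat.S_ISDIR(mode):
            if not mode & x_bit:
                return  # cannot traverse: file modes below are irrelevant
            for name in sorted(os.listdir(path)):
                walk(os.path.join(path, name))
        elif stat.S_ISREG(mode) and mode & r_bit:
            found.append(os.path.relpath(path, root))

    walk(root)
    return found

def build_layout(base, top_mode):
    """Constructed sample tree in the proposed layout: top directory with
    top_mode, a umask-style 0755 subdirectory, and a 0444 blob file."""
    top = os.path.join(base, "blobs")
    sub = os.path.join(top, "0x00")
    os.makedirs(sub)
    blob = os.path.join(sub, "sample.blob")
    with open(blob, "wb") as fh:
        fh.write(b"constructed sample data")
    os.chmod(blob, 0o444)
    os.chmod(sub, 0o755)
    os.chmod(top, top_mode)
    return top

def demo():
    """Audit the same tree under three top-directory modes."""
    results = {}
    for mode in (0o700, 0o750, 0o755):
        with tempfile.TemporaryDirectory() as base:
            top = build_layout(base, mode)
            results[oct(mode)] = {w: reachable_by(top, w) for w in ("group", "other")}
    return results

if __name__ == "__main__":
    for mode, access in demo().items():
        print(mode, access)
```

With the top directory at 0700 neither group nor other reaches the 0444 file; loosening only the top directory to 0750 or 0755 exposes it to the corresponding class.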

Bastian Blank (waldi) wrote :
Martijn Pieters (mjpieters) wrote :

This came up in a StackOverflow question: http://stackoverflow.com/q/6168566/100297

That question has a workaround monkey patch that sets all blob directories to readable for the group (UNIX only).
