[wp-trac] [WordPress Trac] #33332: Default ACL entries are not set correctly when file is uploaded to WP

WordPress Trac noreply at wordpress.org
Mon Aug 10 22:21:10 UTC 2015 

#33332: Default ACL entries are not set correctly when file is uploaded to WP
----------------------------+-----------------------------
 Reporter:  slavafomin      |      Owner:
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  Filesystem API  |    Version:  4.1.1
 Severity:  normal          |   Keywords:
  Focuses:  administration  |
----------------------------+-----------------------------
 Hello there!

 We are using ACL permissions on our server in order to isolate all
 websites from each other. Both nginx and php-fpm has it's own users.
 Actually, each website has it's own php-fpm user.

 The ACL permissions are set for new files via default permission set:

 {{{
 getfacl -a ./sitename/wp-content/uploads

 # file: sitename/wp-content/uploads
 # owner: www-data
 # group: www-data
 user::rwx
 user:nginx:r-x
 user:fpm-sitename:rwx
 group::rwx
 mask::rwx
 other::---
 default:user::rwx
 default:user:nginx:r-x
 default:user:fpm-sitename:rwx
 default:group::rwx
 default:mask::rwx
 default:other::---
 }}}

 So, when I manually create a file, the correct ACL permissions will be set
 for it by the filesystem itself:


 {{{
 $ sudo -u fpm-sitename touch test
 $ getfacl ./test

 # file: test
 # owner: fpm-sitename
 # group: fpm-sitename
 user::rw-
 user:nginx:r-x                  #effective:r--
 user:fpm-sitename:rwx           #effective:rw-
 group::rwx                      #effective:rw-
 mask::rw-
 other::---
 }}}

 And nginx will be able to read and serve it.

 However, when I upload a file through the WordPress it has no ACL entries
 at all.

 I've looked through the code and the following part of the
 '''_wp_handle_upload()''' seems to be the culprit:

 {{{
         // Set correct file permissions.
         $stat = stat( dirname( $new_file ));
         $perms = $stat['mode'] & 0000666;
         @ chmod( $new_file, $perms );
 }}}

 After commenting it out uploading works like a charm and proper ACL
 entries are set as expected.

 We're using Ubuntu Server 14.04.3 LTS.

 Cheers!

--
Ticket URL: <https://core.trac.wordpress.org/ticket/33332>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list