[wp-trac] [WordPress Trac] #33332: Default ACL entries are not set correctly when file is uploaded to WP

WordPress Trac noreply at wordpress.org
Tue May 24 19:02:31 UTC 2016


#33332: Default ACL entries are not set correctly when file is uploaded to WP
----------------------------+------------------------------
 Reporter:  slavafomin      |       Owner:
     Type:  defect (bug)    |      Status:  new
 Priority:  normal          |   Milestone:  Awaiting Review
Component:  Filesystem API  |     Version:  4.1.1
 Severity:  normal          |  Resolution:
 Keywords:                  |     Focuses:  administration
----------------------------+------------------------------

Comment (by brudas):

 I've just checked this on 4.5.2:

 Higher-level directory permissions, set manually with '''setfacl''':


 {{{
 $ getfacl 2016
 # file: 2016
 # owner: root
 # group: root
 user::rwx
 user:www-data:rwx
 group::---
 group:SA:rwx
 group:webdesigner:rwx
 mask::rwx
 other::---
 default:user::rwx
 default:user:www-data:rwx
 default:group::---
 default:group:SA:rwx
 default:group:webdesigner:rwx
 default:mask::rwx
 default:other::---

 }}}


 WordPress-made directory permissions


 {{{
 $ getfacl 2016/05/
 # file: 2016/05/
 # owner: root
 # group: root
 user::rwx
 user:www-data:rwx
 group::---
 group:SA:rwx
 group:webdesigner:rwx
 mask::rwx
 other::---
 default:user::rwx
 default:user:www-data:rwx
 default:group::---
 default:group:SA:rwx
 default:group:webdesigner:rwx
 default:mask::rwx
 default:other::---
 }}}

 WordPress-uploaded file permissions


 {{{
 $ getfacl 2016/05/Exadel-Inc.-Calendar-Event-Details-Mozilla-Thunderbird-2016-05-24-09.59.34.png
 # file: 2016/05/Exadel-Inc.-Calendar-Event-Details-Mozilla-Thunderbird-2016-05-24-09.59.34.png
 # owner: www-data
 # group: www-data
 user::rw-
 group::rw-
 '''group:SA:rw-'''
 mask::rw-
 other::---

 }}}

 Manually-created file permissions:

 {{{
 $ id
 uid=33(www-data) gid=33(www-data) groups=33(www-data)
 $ touch 2016/05/testfile.txt
 $ getfacl 2016/05/testfile.txt
 # file: 2016/05/testfile.txt
 # owner: www-data
 # group: www-data
 user::rw-
 user:www-data:rwx               #effective:rw-
 group::---
 '''group:SA:rwx                 #effective:rw-
 group:webdesigner:rwx           #effective:rw-'''
 mask::rw-
 other::---
 }}}

 So when I create a file myself under the web server account, permission
 inheritance works well.
 When I upload files using WordPress, something goes wrong: not all
 permissions are inherited. For example, the "'''webdesigner'''" group lost
 access, and the explicit ACL item for the ''''www-data'''' user that should
 be inherited from the directory's default ACL is lost too.

 Here is my system information:


 {{{
 $ lsb_release -a
 No LSB modules are available.
 Distributor ID: Ubuntu
 Description:    Ubuntu 14.04.4 LTS
 Release:        14.04
 Codename:       trusty

 $ php -v
 PHP 5.5.9-1ubuntu4.16 (cli) (built: Apr 20 2016 14:31:27)

 }}}

 Thank you.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/33332#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
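
The comparison made in this comment can be done mechanically. The following is an added example, not part of the original message or of WordPress: it parses getfacl text and lists the named default ACL entries of a directory that are absent from a file's access ACL. The function names are hypothetical; the sample entries are copied from the getfacl output quoted above.

```python
# Added example: diff a directory's default ACL against a file's access ACL,
# both given as getfacl text. Function names are hypothetical.

def parse_getfacl(text):
    """Return (access, default) dicts mapping 'tag:qualifier' to its perms."""
    access, default = {}, {}
    for raw in text.splitlines():
        # Drop '# file:' headers, '#effective:' notes and Trac ''' markup.
        line = raw.split("#", 1)[0].strip().strip("'").strip()
        parts = line.split(":")
        target = access
        if parts[0] == "default":
            target, parts = default, parts[1:]
        if len(parts) == 3:
            target[parts[0] + ":" + parts[1]] = parts[2]
    return access, default

def missing_inherited(dir_text, file_text):
    """Named default entries of the directory that the file's ACL lacks."""
    _, dir_default = parse_getfacl(dir_text)
    file_access, _ = parse_getfacl(file_text)
    return sorted(k for k in dir_default
                  if not k.endswith(":") and k not in file_access)

# Entries copied from the getfacl output in the comment above.
DIR_2016_05 = """\
default:user::rwx
default:user:www-data:rwx
default:group::---
default:group:SA:rwx
default:group:webdesigner:rwx
default:mask::rwx
default:other::---
"""
UPLOADED = """\
user::rw-
group::rw-
'''group:SA:rw-'''
mask::rw-
other::---
"""
TOUCHED = """\
user::rw-
user:www-data:rwx               #effective:rw-
group::---
'''group:SA:rwx                 #effective:rw-
group:webdesigner:rwx           #effective:rw-'''
mask::rw-
other::---
"""
```

On a live system the two inputs would be the output of getfacl for the upload directory and for a freshly uploaded file; an empty result means every named default entry was carried over.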

