So, I'm completely new to hosting and Linux and all, so please forgive me if I'm saying things that are wrong. I'm still learning :)
I'm working a small personal website created using Django. I wanted to get it online to see if everything would work. I got a cheap server from linode and using a guide from Digital-Ocean (the irony) I got everything working. I was happy.
But... There's one major problem and I've read half the internet and can't find any similar problems: when the post request is larger than ~4MB (uploading images etc.) the files are being saved with the wrong permissions.
When the request size is smaller than about 4MB, everything works without a single problem. When the request size is bigger, everything gets uploaded and saved to the server without a single problem, but from there on I can't access the files from the browser anymore and the site keeps throwing 403 forbidden on those files. That's because the files are suddenly saved with wrong permissions or something like that.
Permissions of a forbidden file: -rw------- 1 [user] root 7900880 May 12 08:24 filename1.pdf
Permissions of a working file: -rw-r--r-- 1 [user] root 207420 May 11 19:36 filename2.jpg
I'm not sure if even the working file is completely correct, since it doesn't need root I think.
I'm getting tired of this problem. It sounds so illogical; what has filesize to do with permissions!? And the fact that I lack any experience with this doesn't make solving it any easier. If anyone here has the golden tip, I'd be so thankful :)
I'm using Nginx and uWSGI on Ubuntu 17.04 together with a Django 1.11 application.
After struggling with this issue myself I figured it out. AlexD's theory of large files being handled differently is correct.
From Django's documentation:
FILE_UPLOAD_PERMISSIONS
Default: None
The numeric mode (i.e. 0o644) to set newly uploaded files to. For more information about what these modes mean, see the documentation for os.chmod().
If this isn’t given or is None, you’ll get operating-system dependent behavior. On most platforms, temporary files will have a mode of 0o600, and files saved from memory will be saved using the system’s standard umask.
So in summary: larger files are stored using temporary files, which will get 0o600 permissions by default. The problem can easily be fixed by setting a value to FILE_UPLOAD_PERMISSIONS
.
https://docs.djangoproject.com/en/1.11/ref/settings/#file-upload-permissions
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With