Forum: Ruby on Rails [file_column] saves uploading file with wrong rights?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
E6dcb4743b83392a4fc39693f110cc26?d=identicon&s=25 eugenol (Guest)
on 2005-12-06 10:35
(Received via mailing list)
Hello !
How to make file_column plugin saving uploaded documents in the
filesystem
with 660 (-rwrw-----) rights instead of 600 (-rw------- )?

Thank you for your help
B8ed55487e4f2f0feaeb68957dc07b21?d=identicon&s=25 skanthak (Guest)
on 2005-12-07 00:29
(Received via mailing list)
Hi Jerome,

On 12/6/05, Jérôme L <eugenol@gmail.com> wrote:
> How to make file_column plugin saving uploaded documents in the filesystem
> with 660 (-rwrw-----) rights instead of 600 (-rw------- )?

since I don't do anything special in the file_column code I believe
the files are saved with the process' umask. So if you change this to
something more liberal in your environment.rb, you should be able to
get the permissions you want.

Sebastian
B590074dbaaca87d7b03110a15ecc95c?d=identicon&s=25 Stephen Sykes (Guest)
on 2005-12-30 20:21
skanthak wrote:

> since I don't do anything special in the file_column code I believe
> the files are saved with the process' umask. So if you change this to
> something more liberal in your environment.rb, you should be able to
> get the permissions you want.

Didn't work for me.  But I fixed it in file_column.rb, see here
http://www.stephensykes.com/blog_perm.html?122

Stephen.
B8ed55487e4f2f0feaeb68957dc07b21?d=identicon&s=25 Sebastian Kanthak (Guest)
on 2005-12-30 21:54
(Received via mailing list)
On 12/30/05, Stephen Sykes <rubyforum.1.sts@xoxy.net> wrote:
> skanthak wrote:
>
> > since I don't do anything special in the file_column code I believe
> > the files are saved with the process' umask. So if you change this to
> > something more liberal in your environment.rb, you should be able to
> > get the permissions you want.
>
> Didn't work for me.  But I fixed it in file_column.rb, see here
> http://www.stephensykes.com/blog_perm.html?122

funny, I just found out that my proposed solution doesn't work at all
and committed a fix to the trunk. You can now control the the
permission files are written with via a :permissions option, it
defaults to 0644. Please give it a try and tell me about any troubles
you're having with it...

Sebastian
E6dcb4743b83392a4fc39693f110cc26?d=identicon&s=25 Jérôme L (Guest)
on 2006-01-09 11:44
(Received via mailing list)
On 12/30/05, Sebastian Kanthak <skanthak@gmail.com> wrote:

> funny, I just found out that my proposed solution doesn't work at all
> and committed a fix to the trunk. You can now control the the
> permission files are written with via a :permissions option, it
> defaults to 0644. Please give it a try and tell me about any troubles
> you're having with it...

Well, I have set :permissions => 0664 and it still saves files as 0644
..
B8ed55487e4f2f0feaeb68957dc07b21?d=identicon&s=25 Sebastian Kanthak (Guest)
on 2006-01-10 09:35
(Received via mailing list)
Hi Jerome,

On 1/9/06, Jérôme L <eugenol@gmail.com> wrote:
> On 12/30/05, Sebastian Kanthak <skanthak@gmail.com> wrote:
>
> > funny, I just found out that my proposed solution doesn't work at all
> > and committed a fix to the trunk. You can now control the the
> > permission files are written with via a :permissions option, it
> > defaults to 0644. Please give it a try and tell me about any troubles
> > you're having with it...
>
> Well, I have set :permissions => 0664 and it still saves files as 0644 ..

I guess your umask is set to something that prevents files to have
more permissions than 0644. I will include a fix that uses File.chmod
instead, which should not consider the umask. Until I commit this fix
you can work around the problem by setting your process' umask to 0002
before starting rails.

Sebastian
E6dcb4743b83392a4fc39693f110cc26?d=identicon&s=25 Jérôme L (Guest)
on 2006-01-10 11:48
(Received via mailing list)
On 1/10/06, Sebastian Kanthak <skanthak@gmail.com> wrote:

> I guess your umask is set to something that prevents files to have
> more permissions than 0644. I will include a fix that uses File.chmod
> instead, which should not consider the umask. Until I commit this fix
> you can work around the problem by setting your process' umask to 0002
> before starting rails.

My FreeBSD current umask is set to 0022.
The problem is indeed solved with File.umask 0002 in environment.rb

Waiting for you fix; thank you very very much Sebastian!
11bd67aedc131020a51440fad59116cc?d=identicon&s=25 Andrew Filipowski (Guest)
on 2006-01-10 18:23
(Received via mailing list)
Silly noob question coming here.

I have been having issues using file_column with a dynamic directory
for store_dir to work correctly however I finnaly have a new error
that I think this thread may fix. I am running on OSX in dev right
now and my permissions are coming up as rwxr-xr-x this causes an
error when uploading a file i believe that says that the directory /
rootpath/public/controller/1/tmp/random does not exist. I think this
is a permissions error and have no idea what you mean by setting the
process' umask to 0002. How does one do this?

Andrew
11bd67aedc131020a51440fad59116cc?d=identicon&s=25 Andrew Filipowski (Guest)
on 2006-01-10 19:21
(Received via mailing list)
Well I was wrong. Did some more playing and digging and this issue
seems to be with file_column itself, or I am trying to do something
that i. This call works:

file_column :audio,
               :store_dir => :dynamic_dir,
               :permission => "0664"

   def dynamic_dir
       File.join("episode","test","audio")
   end

while this does not work:

file_column :audio,
               :store_dir => :dynamic_dir,
               :permission => "0664"

   def dynamic_dir
       File.join("episode",self.user_id,"audio")
   end

however when I run the second one the directory structure gets built
on the server all the way up to the tmp directory:

/RAILS_ROOT/public/episode/1/audio/tmp/

but the random directory that file_column is looking for does not.

Is this a bug in file_column? or am i trying to get it to do
something it can't?

Andrew
E6dcb4743b83392a4fc39693f110cc26?d=identicon&s=25 Jérôme L (Guest)
on 2006-01-10 19:57
(Received via mailing list)
On 1/10/06, Andrew Filipowski <a.filipowski@mac.com> wrote:

>                :permission => "0664"

Shouldn't it be an integer and not a string ?
11bd67aedc131020a51440fad59116cc?d=identicon&s=25 Andrew Filipowski (Guest)
on 2006-01-10 20:06
(Received via mailing list)
Tried that first and second and figured out that I acctually didn't
have to put the permissions in at all because it was working
correctly, but having a dynamic directory is causing my issues, if i
make the directory static everything works fine but the dynamic stuff
does not.

Flip
B8ed55487e4f2f0feaeb68957dc07b21?d=identicon&s=25 Sebastian Kanthak (Guest)
on 2006-01-11 09:22
(Received via mailing list)
Hi Andrew,

On 1/10/06, Andrew Filipowski <a.filipowski@mac.com> wrote:
> while this does not work:
>
> file_column :audio,
>                :store_dir => :dynamic_dir,
>                :permission => "0664"
>
>    def dynamic_dir
>        File.join("episode",self.user_id,"audio")
>    end

could it be that the moment dynamic_dir is called, the user_id
attribute does not have any sensible value (e.g., nil)? file_column
tries to create a temporary directory for the uploaded file as soon as
the file is assigned. If you mass-assign attributes from a hash it
could be that the file is assigned *before* the user_id attribute?
Just guessing here...

Sebastian
11bd67aedc131020a51440fad59116cc?d=identicon&s=25 Andrew Filipowski (Guest)
on 2006-01-12 05:44
(Received via mailing list)
Sebastian I have copied text from a seperate list item for your view.
In essance I believe that I have identified the problem and it is
possible that this is what is going on but the directories are
getting created in both cases but the first case (without overriding
the tmp directory was blowing up). The "1" below in the path is the
user_id directory. The following is the workaround that I found does
work:

After getting my dynamic_dir method to work I was running into the
following error: (Removed the info about the railsroot directory but
the full path was there)

No such file or directory - /{RAILS_ROOT}/public/episode/1/audio/tmp/
1136928177.355831.270

This error came from the following method:

def dynamic_dir
       File.join("episode",self.user_id,"audio")
end

The call to file_column looks like this:

file_column :audio,
               :permission => 0664,
               :store_dir => :dynamic_dir


and here is the full app error trace for those that care:

/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/1.8/fileutils.rb:525:in `stat'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/1.8/fileutils.rb:525:in `stat'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/1.8/fileutils.rb:511:in `preserve'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/1.8/fileutils.rb:455:in `copy_entry'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/1.8/fileutils.rb:416:in `copy_entry'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/1.8/fileutils.rb:584:in `mv'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/1.8/fileutils.rb:572:in `fu_each_src_dest'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/1.8/fileutils.rb:845:in `fu_each_src_dest0'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/1.8/fileutils.rb:845:in `fu_each_src_dest'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/1.8/fileutils.rb:572:in `mv'
#{RAILS_ROOT}/vendor/plugins/trunk/lib/file_column.rb:365:in `move_from'
#{RAILS_ROOT}/vendor/plugins/trunk/lib/file_column.rb:314:in
`after_save'
#{RAILS_ROOT}/vendor/plugins/trunk/lib/file_column.rb:676:in
`audio_after_save'
#{RAILS_ROOT}/vendor/plugins/trunk/lib/file_column.rb:675:in
`audio_after_save'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/activerecord-1.13.2/lib/
active_record/callbacks.rb:333:in `send'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/activerecord-1.13.2/lib/
active_record/callbacks.rb:333:in `callback'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/activerecord-1.13.2/lib/
active_record/callbacks.rb:330:in `each'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/activerecord-1.13.2/lib/
active_record/callbacks.rb:330:in `callback'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/activerecord-1.13.2/lib/
active_record/callbacks.rb:250:in `create_or_update'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/activerecord-1.13.2/lib/
active_record/base.rb:1226:in `save_without_validation'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/activerecord-1.13.2/lib/
active_record/validations.rb:698:in `save_without_transactions'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/activerecord-1.13.2/lib/
active_record/transactions.rb:126:in `save'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/activerecord-1.13.2/lib/
active_record/transactions.rb:126:in `transaction'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/activerecord-1.13.2/lib/
active_record/transactions.rb:91:in `transaction'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/activerecord-1.13.2/lib/
active_record/transactions.rb:118:in `transaction'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/activerecord-1.13.2/lib/
active_record/transactions.rb:126:in `save'
#{RAILS_ROOT}/app/controllers/episodes_controller.rb:39:in `create'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/actionpack-1.11.2/lib/
action_controller/base.rb:853:in `send'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/actionpack-1.11.2/lib/
action_controller/base.rb:853:in `perform_action_without_filters'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/actionpack-1.11.2/lib/
action_controller/filters.rb:332:in `perform_action_without_benchmark'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/actionpack-1.11.2/lib/
action_controller/benchmarking.rb:69:in `perform_action_without_rescue'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/actionpack-1.11.2/lib/
action_controller/benchmarking.rb:69:in `measure'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/actionpack-1.11.2/lib/
action_controller/benchmarking.rb:69:in `perform_action_without_rescue'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/actionpack-1.11.2/lib/
action_controller/rescue.rb:82:in `perform_action'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/actionpack-1.11.2/lib/
action_controller/base.rb:369:in `send'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/actionpack-1.11.2/lib/
action_controller/base.rb:369:in
`process_without_session_management_support'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/actionpack-1.11.2/lib/
action_controller/session_management.rb:116:in `process'
#{RAILS_ROOT}/app/controllers/application.rb:15:in `process'
#{RAILS_ROOT}/app/controllers/application.rb:14:in `catch'
#{RAILS_ROOT}/app/controllers/application.rb:14:in `process'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/rails-1.0.0/lib/dispatcher.rb:
38:in `dispatch'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/rails-1.0.0/lib/
fcgi_handler.rb:141:in `process_request'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/rails-1.0.0/lib/
fcgi_handler.rb:53:in `process!'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/rails-1.0.0/lib/
fcgi_handler.rb:52:in `each_cgi'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/fcgi-0.8.6.1/./fcgi.rb:597:in
`each'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/fcgi-0.8.6.1/./fcgi.rb:597:in
`each_cgi'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/rails-1.0.0/lib/
fcgi_handler.rb:52:in `process!'
/Applications/Locomotive/Bundles/rails-1.0.0-max.bundle/Contents/
Resources/ports/lib/ruby/gems/1.8/gems/rails-1.0.0/lib/
fcgi_handler.rb:22:in `process!'
/Users/flip/Documents/workspace/SolidPodcast/public/dispatch.fcgi:24


Now on to the workaround. I figured that there was something going on
with the temp_dir settings and decided to test it out by defining the
temp directory myself. The new file_column call looks like this:

file_column :audio,
               :permission => 0664,
               :store_dir => :dynamic_dir,
               :tmp_base_dir => "/episode/tmp"

The permission really doesnt matter. What does is the tmp_base_dir.
As the stack shows something is going on when creating the temp
directory as file_column blows up when trying to implement the
after_save_method found at line 675 of the trunk version. It blows up
because the temp directory is never created, since it is never
created the file is never saved and therefore can't be moved to the
permanent directory.

By over riding the tmp directory settings I am able to upload files
that are stored where i want them to be stored with the added layer
of by user.

Like I said I will try to carve some time out to look into this more
and come up with a patch to submit for file_column but until than or
if someone else figures out why this acts the way it does and you
need to have a dynamic directory than this is the workaround to the
issue.

Thanks for all the lists help again I know that I have had several
questions with some great responses on this list. I wish all
communities were this helpful.

Andrew
0b33cade96097aba51c8bdd5673c22dc?d=identicon&s=25 Neil Chandler (pin)
on 2007-12-12 12:35
Jérôme L wrote:
> On 12/30/05, Sebastian Kanthak <skanthak@gmail.com> wrote:
>
>> funny, I just found out that my proposed solution doesn't work at all
>> and committed a fix to the trunk. You can now control the the
>> permission files are written with via a :permissions option, it
>> defaults to 0644. Please give it a try and tell me about any troubles
>> you're having with it...
>
> Well, I have set :permissions => 0664 and it still saves files as 0644
> ..

I have been struggling with permission issues on images I've been
uploading, some images upload find and the correct permissions are set
0644 others are uploaded fine but the permissions are not set correctly
0600. The incorrect permissions were alway applied to the same images
and after some lengthy investigation into this issue it turns out that
file_columns fix_file_extension is the cause of the issue.

The following code snippet is located in file_column.rb
TempUploadedFile#store_upload

      # stored uploaded file into local_file_path
      # If it was a Tempfile object, the temporary file will be
      # cleaned up automatically, so we do not have to care for this
      if file.respond_to?(:local_path) and file.local_path and
File.exists?(file.local_path)
        FileUtils.copy_file(file.local_path, local_file_path)
      elsif file.respond_to?(:read)
        File.open(local_file_path, "wb") { |f| f.write(file.read) }
      else
        raise ArgumentError.new("Do not know how to handle
#{file.inspect}")
      end
      File.chmod(options[:permissions], local_file_path)

After the file is created the File.chmod changes the file permission to
the value supplied (defaults to 0644) this all works correctly and is
the reason some of my images have the correct permissions.

The following code snippet appears after the above code in
file_column.rb and is responsible for fixing incorrect file extensions
on the uploaded files.


      if options[:fix_file_extensions]
        # try to determine correct file extension and fix
        # if necessary
        content_type = get_content_type((file.content_type.chomp if
file.content_type))
        if content_type and options[:mime_extensions][content_type]
          @filename =
correct_extension(@filename,options[:mime_extensions][content_type])
        end

        new_local_file_path = File.join(tmp_base_dir,@tmp_dir,@filename)
        File.rename(local_file_path, new_local_file_path) unless
new_local_file_path == local_file_path
        local_file_path = new_local_file_path
      end

If the file extension is 'fixed' by the above code the file gets saved a
second time and it's this saving of the file that was causing some of my
images to have incorrect permissions.

Add the following line after the :fix_file_extensions if statement and
the permissions of 'fixed' files will also be set correctly.


     File.chmod(options[:permissions], local_file_path)


Pin
This topic is locked and can not be replied to.