Details
-
Bug
-
Resolution: Fixed
-
Critical
-
4.4.0-beta1
-
Ibexa Open Source
Description
After the upgrade to Flysystem v2 (IBX-1439) directory permissions are not properly set for the new directories created on the fly when needed. This is a regression for configurations which run httpd daemon using user which has no direct access to the created files. Prior the upgrade this was resolved by setting group-level permissions for directories.
Steps to reproduce
- Make clean instance of Ibexa (OSS, DXP - doesn't matter)
- Make sure that your clean instance doesn't have any binary files and directories created in public/var/site
- Create a binary file (e.g. image) using Ibexa back-office.
Actual result
See that permissions for any directory created by Ibexa instance during executing point 3. have permissions different than the ones configured via File management: Permissions of generated files. Specifically, by default you can observe (on *nix systems systems do: ls -l):
drwx------
while current default config sets them as 0755 which should translate to:
drwxr-xr-x
Additionally if you run your httpd instance with user different than the one which is run by PHP-FPM you'll see 403 forbidden when trying to access uploaded files. This can be reproduced either by standalone local Apache or Nginx configuration when using CGI/FPM or by running Ibexa instance inside Docker container.
Expected result
Permissions for files and directories are set according to the configuration mentioned above (Documentation link).
Designs
Attachments
Issue Links
- links to