File Upload Permissions Issues
lists at viaduct-productions.com
Wed Jun 27 13:42:04 UTC 2018
> On Jun 27, 2018, at 2:02 AM, Maxim Dounin <mdounin at mdounin.ru> wrote:
> On Wed, Jun 27, 2018 at 12:56:09AM -0400, VP Lists wrote:
>> OK, here’s where things get interesting:
>> On MacOS El Capitan: --http-client-body-temp-path=/usr/local/var/run/nginx/client_body_temp
>> /usr drwxr-xr-x@ 13 root wheel 442B May 26 2017 usr
>> /usr/local drwxr-xr-x 28 rich admin 952B Mar 30 16:12 local
>> /usr/local/var drwx------ 36 rich admin 1.2K May 7 21:01 var
> Clearly "nobody" has no rights to work with anything in
> /usr/local/var. That's what causes the error you've faced. You
> have to fix it for things to work.
I changed it to 755. Works now.
>> On two different boxes, two different OSes, showing variable
>> eXecution permissions within the path. Not only that, but in
>> both instances, the client_body_temp permissions show “drwx- - -
>> - - -“, and for two different owner:group combinations.
>> Why would nginx allow this to happen? Is it not thinkable that
>> either nginx would state that a clear path to the directory
>> responsible for receiving file uploads be permitted? Or maybe
>> the maintainers receiving this as a criteria for installation?
>> I find this quite odd.
>> Running around patching up path permissions to installed
>> directories, specific to nginx, is truly strange.
> Permissions on FreeBSD are perfectly fine.
> Permissions on macOS are broken due to incorrect permissions on
> /usr/local/var, and it's clearly not nginx business to do anything
> with permissions on the system-wide directory.
> If you think packaging system you've used to install things into
> /usr/local/ could be better at maintaining correct permissions on
> various folders under /usr/local/ - you may want to contact
> authors of the packaging system.
With regards to system-wide directories and nginx choosing this as the target directory, I’m not versed in who has what right to do what during installation, with regards to chmod, chown, chgrp, etc. As well, the same goes for package managers vs nginx. I was just under the assumption it would all have a collective agreement that a sticky permission (t) would apply so that there could be some kind of installation functionality happening. But I guess not, so the /usr/local/var permissions, even though a system-wide directory, needed to be changed.
Rich in Toronto @ VP
More information about the nginx