[GMG-Devel] video transcoding creates excessively restricted files

mediagoblin-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GMG-Devel] video transcoding creates excessively restricted files

From:	Kushal Kumaran
Subject:	[GMG-Devel] video transcoding creates excessively restricted files
Date:	Tue, 02 Jul 2013 23:49:45 +0530
User-agent:	Notmuch/0.15.2+174~gb6d4402 (http://notmuchmail.org) Emacs/24.2.1 (x86_64-pc-linux-gnu)

Hi,

I have a mediagoblin setup with nginx/separate-celery following the
instructions at
http://docs.mediagoblin.org/siteadmin/production-deployments.html.  When
I upload a video that needs transcoding, the transcoded file and the
thumbnail are created with 0600 permissions.  So nginx, which is running
as a different user, is not able to serve those files.

I tracked down the problem to tempfile.NamedTemporaryFile, which always
creates files with 0600 permissions, rather than doing 0666 and letting
the umask adjust the actual permissions.

I have a patch that fixes the problem, but I'm curious to know if other
people have encountered this problem, and if there are better ways to
solve it.

BEGIN PATCH
diff --git a/mediagoblin/media_types/video/processing.py 
b/mediagoblin/media_types/video/processing.py
index ff2c94a..7c45e30 100644
--- a/mediagoblin/media_types/video/processing.py
+++ b/mediagoblin/media_types/video/processing.py
@@ -15,6 +15,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 from tempfile import NamedTemporaryFile
+import os
 import logging
 import datetime
 
@@ -54,6 +55,12 @@ def sniff_handler(media_file, **kw):
     return False
 
 
+def update_file_permissions(filename):
+    m = os.umask(0)
+    os.umask(m)
+    os.chmod(filename, 0666 & ~m)
+
+
 def process_video(proc_state):
     """
     Process a video entry, transcode the queued media files (originals) and
@@ -117,6 +124,7 @@ def process_video(proc_state):
 
             # Push transcoded video to public storage
             _log.debug('Saving medium...')
+            update_file_permissions(tmp_dst.name)
             mgg.public_store.copy_local_to_storage(tmp_dst.name, 
medium_filepath)
             _log.debug('Saved medium')
 
@@ -141,6 +149,7 @@ def process_video(proc_state):
 
         # Push the thumbnail to public storage
         _log.debug('Saving thumbnail...')
+        update_file_permissions(tmp_thumb.name)
         mgg.public_store.copy_local_to_storage(tmp_thumb.name, 
thumbnail_filepath)
         entry.media_files['thumb'] = thumbnail_filepath
END PATCH

-- 
regards,
kushal

[Prev in Thread]

Current Thread

[Next in Thread]

[GMG-Devel] video transcoding creates excessively restricted files, Kushal Kumaran <=
- Re: [GMG-Devel] video transcoding creates excessively restricted files, ayleph, 2013/07/02
  - Re: [GMG-Devel] video transcoding creates excessively restricted files, ayleph, 2013/07/02
    - Re: [GMG-Devel] video transcoding creates excessively restricted files, Kushal Kumaran, 2013/07/02
    - Re: [GMG-Devel] video transcoding creates excessively restricted files, Christopher Allan Webber, 2013/07/09

Prev by Date: [GMG-Devel] New Plugin Authentication System
Next by Date: Re: [GMG-Devel] video transcoding creates excessively restricted files
Previous by thread: [GMG-Devel] New Plugin Authentication System
Next by thread: Re: [GMG-Devel] video transcoding creates excessively restricted files
Index(es):
- Date
- Thread