[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GMG-Devel] video transcoding creates excessively restricted files
From: |
Kushal Kumaran |
Subject: |
[GMG-Devel] video transcoding creates excessively restricted files |
Date: |
Tue, 02 Jul 2013 23:49:45 +0530 |
User-agent: |
Notmuch/0.15.2+174~gb6d4402 (http://notmuchmail.org) Emacs/24.2.1 (x86_64-pc-linux-gnu) |
Hi,
I have a mediagoblin setup with nginx/separate-celery following the
instructions at
http://docs.mediagoblin.org/siteadmin/production-deployments.html. When
I upload a video that needs transcoding, the transcoded file and the
thumbnail are created with 0600 permissions. So nginx, which is running
as a different user, is not able to serve those files.
I tracked down the problem to tempfile.NamedTemporaryFile, which always
creates files with 0600 permissions, rather than doing 0666 and letting
the umask adjust the actual permissions.
I have a patch that fixes the problem, but I'm curious to know if other
people have encountered this problem, and if there are better ways to
solve it.
BEGIN PATCH
diff --git a/mediagoblin/media_types/video/processing.py
b/mediagoblin/media_types/video/processing.py
index ff2c94a..7c45e30 100644
--- a/mediagoblin/media_types/video/processing.py
+++ b/mediagoblin/media_types/video/processing.py
@@ -15,6 +15,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from tempfile import NamedTemporaryFile
+import os
import logging
import datetime
@@ -54,6 +55,12 @@ def sniff_handler(media_file, **kw):
return False
+def update_file_permissions(filename):
+ m = os.umask(0)
+ os.umask(m)
+ os.chmod(filename, 0666 & ~m)
+
+
def process_video(proc_state):
"""
Process a video entry, transcode the queued media files (originals) and
@@ -117,6 +124,7 @@ def process_video(proc_state):
# Push transcoded video to public storage
_log.debug('Saving medium...')
+ update_file_permissions(tmp_dst.name)
mgg.public_store.copy_local_to_storage(tmp_dst.name,
medium_filepath)
_log.debug('Saved medium')
@@ -141,6 +149,7 @@ def process_video(proc_state):
# Push the thumbnail to public storage
_log.debug('Saving thumbnail...')
+ update_file_permissions(tmp_thumb.name)
mgg.public_store.copy_local_to_storage(tmp_thumb.name,
thumbnail_filepath)
entry.media_files['thumb'] = thumbnail_filepath
END PATCH
--
regards,
kushal
- [GMG-Devel] video transcoding creates excessively restricted files,
Kushal Kumaran <=