SUPEE 7405修补程序后用于上传文件的Chmod 640 [英] Chmod 640 for uploaded file after SUPEE 7405 patch

问题描述

在安装SUPEE 7405补丁后，我们注意到从管理员上传图像时出现问题.所有文件权限都被设置为CHMOD 640，这使得所有用户都无法访问它们.

After installing the SUPEE 7405 patch, we noticed a problem uploading images from the admin. All file permissions are being set to CHMOD 640 which makes them inaccessible to all users.

是否有不涉及重写/lib/Varien/File/Uploader.php文件的解决方案?

Is there a solution that does not involve rewriting the /lib/Varien/File/Uploader.php file?

推荐答案

SUPEE-7405的新版本已发布，可以解决此问题:

A new version of SUPEE-7405 has been released that resolves this issue:

http://magento.com/security/patches/supee-7405

2016年2月23日更新

此版本的更新版本现在可用.这些更新增加了对PHP 5.3的支持，并解决了原始版本中遇到的上传文件权限，合并购物车和SOAP API的问题.

Updated versions of this release are now available. The updates add support for PHP 5.3 and address issues with upload file permissions, merging carts, and SOAP APIs experienced with the original release.

请注意，即使没有经过修订的补丁程序，您也可以通过使用建议的文件权限来解决此问题(见下文).

Note that even without the revised patch, you can fix the issue by using the recommended file permissions (see below).

Magento希望网络服务器拥有站点文件:

Magento expects the webserver to own the site files:

http://devdocs.magento.com/guides/m1x/install/installer-privileges_after.html#privs-after

您可以通过使Web服务器成为文件的所有者来解决此问题.

You can resolve this problem by making the webserver the owner of the files.

chown -R web-server-user-name magento/root/path

Web服务器的用户名通常为www-data或apache.

The webserver user name is commonly www-data or apache.

如果您按照上面的链接中的说明进行操作，则Web服务器将对所有文件具有读取访问权限，并对媒体文件和var文件具有写访问权限.这应该是典型站点操作所需的全部.如果您需要使用Magento Connect，则必须暂时授予网络服务器对所有文件的写访问权.

If you follow the instructions in the above link, the webserver will have read access to all files, and write access to media files and var files. This should be all you need for typical site operation. If you need to use Magento Connect you'll have to temporarily give the webserver write access to all files.

所有文件权限都被设置为CHMOD 640，这使得所有用户都无法访问它们.

All file permissions are being set to CHMOD 640 which makes them inaccessible to all users.

只有Web服务器用户需要访问文件.无需向所有用户授予任何权限.

Only the webserver user needs access to the files. There is no need to grant any permissions to all users.

例如，如果您需要通过FTP编辑或上传文件，则可能要授予对特定用户的访问权限.在这种情况下，我要做的是设置一个拥有文件系统的用户，并将文件组设置为Web服务器:

You may want to grant access to a specific user if, for example, you need to edit or upload files via FTP. In this case, what I do is set a user who owns the file system and set the files' group to the webserver:

cd magento/root/directory

# Set ownership 
# 'username' should be the file system owner username
# 'webserver' should be the webserver username
chown -R username:webserver .

# Give the user read/write access to all files.
# Give the webserver read access to all files
find . -type f -exec chmod 640 {} \;
find . -type d -exec chmod 2750 {} \; 

# Give the user and the webserver read/write access to var and media
find var/ -type f -exec chmod 660 {} \;
find media/ -type f -exec chmod 660 {} \;
find var/ -type d -exec chmod 2770 {} \;
find media/ -type d -exec chmod 2770 {} \;
chmod 2770 includes
chmod 660 includes/config.php

以上命令将为您的文件系统所有者提供对所有内容的读/写访问权限，并为Web服务器提供对所有内容的读访问权限.该网络服务器也将能够写入media和var目录.

The above commands will give your file system owner read/write access to everything and the webserver read access to everything. The webserver will also be able to write to the media and var directories.

这篇关于SUPEE 7405修补程序后用于上传文件的Chmod 640的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！