Uploads directory permissions using ACL

I don’t want to set 777 because that is a BIG security no-no, and I don’t think people should be recommending it. (Somewhat related to the discussion in this thread: http://www.sitepoint.com/forums/showthread.php?t=715304)

As far as I understand this is the purpose of ACL - when unix permissions are not enough.

I had this working at one point so I’m returning to the forum to try and see if anyone can help me fix this because now it’s broken. I’m using WordPress and I am setting the permissions of the uploads folder. It broke after I (quite stupidly) replaced the uploads folder when doing a manual upgrade to 3.0.2 and at the same time I took the liberty of changing the site address in settings to the public IP of the server so it wasn’t just local anymore.

Anyway here is the error message:

“83605924.jpg” has failed to upload due to an error
The uploaded file could not be moved to /Users/Ankur/Design/Projects/RestoManifesto/root/wp-content/uploads/2010/12.

And here is the output of ls -ela for the wp-content directory:

AnkurMac:wp-content Ankur$ ls -ela
total 8
drwxr-xr-x@  7 Ankur  staff   238 Dec  2 03:48 .
drwxr-xr-x+ 40 Ankur  staff  1360 Dec  2 13:15 ..
 0: user:_www allow list,add_file,add_subdirectory,readattr,writeattr,readextattr,writeextattr,readsecurity
drwxr-xr-x   7 Ankur  staff   238 Dec  3 23:32 .svn
-rw-r--r--@  1 Ankur  staff    30 May  4  2007 index.php
drwxr-xr-x@  8 Ankur  staff   272 Dec  2 13:15 plugins
drwxr-xr-x@  9 Ankur  staff   306 Dec  2 13:15 themes
drwxr-xr-x+  5 Ankur  staff   170 Dec  2 15:38 uploads
 0: user:_www allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit

I gave the uploads directory every permission for the apache user except writesecurity and chown. Changing the permalink structure seems to work fine and I think that is writing to the .htaccess file, FYI.

So I think this problem isn’t related to permissions after all. I did a chmod 777 uploads/ just in case to see if that made the uploader work. Nope.

So any idea what else could cause this error? I noticed it’s not the error that comes when nothing can be written but it’s specifically talking about moving the file.

I’ve also made sure that my Settings have wp-content/uploads as my media upload directory.

FIX!

Okay, so the key concept here is that the file_inherit and directory_inherit flags only work for NEW files that are created inside those directories. Since I was uploading an image and it was trying to write to an existing directory (2010/12), I was getting the error because the ACL’s permissions wouldn’t apply. The solution is to manually apply those permissions to all of the directories inside (which seems a little less elegant than it should be - so if you have any ideas on a better way please tell) and now uploads work as they should.

Proof that you don’t need 777 on your uploads folder though.
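
An added example, not part of the original post: a small Python check for the failure mode described in the fix. It parses `ls -leR`-style output and reports existing subdirectories where `_www` has no `add_file` right, then builds the per-directory `chmod +a` commands. The listing is constructed for illustration, and the function names and the `uploads` root are assumptions.

```python
import re
import shlex

# Rights the post grants _www on the uploads directory (copied from its listing).
UPLOAD_RIGHTS = ("list,add_file,search,delete,add_subdirectory,delete_child,"
                 "readattr,writeattr,readextattr,writeextattr,readsecurity,"
                 "file_inherit,directory_inherit")

# Constructed sample in the style of `ls -leR uploads`: 2010 and 2010/12 existed
# before the ACL was set (no ACE); 2011 was created afterwards and inherited it.
SAMPLE = f"""\
total 0
drwxr-xr-x  3 Ankur  staff  102 Dec  2 15:38 2010
drwxr-xr-x+ 2 Ankur  staff   68 Dec  4 00:10 2011
 0: user:_www inherited allow {UPLOAD_RIGHTS}

uploads/2010:
total 0
drwxr-xr-x  2 Ankur  staff   68 Dec  2 15:38 12
"""

ENTRY = re.compile(r"^d\S+\s+\d+\s+\S+\s+\S+\s+\d+\s+\w{3}\s+\d+\s+[\d:]+\s+(.+)$")
ACE = re.compile(r"^\s*\d+: (\S+) (?:inherited )?(allow|deny) (\S+)")

def dirs_missing_right(listing, root, user="_www", right="add_file"):
    """Return directories in the listing where `user` is not allowed `right`."""
    parent, current, granted = root, None, {}
    for line in listing.splitlines():
        entry, ace = ENTRY.match(line), ACE.match(line)
        if entry:                      # a directory row starts a new record
            current = f"{parent}/{entry.group(1)}"
            granted[current] = set()
        elif ace:                      # ACE rows belong to the row above them
            if current and ace.group(1) == f"user:{user}" and ace.group(2) == "allow":
                granted[current] |= set(ace.group(3).split(","))
        else:                          # file rows, blanks, totals, "path:" headers
            current = None
            if line.endswith(":"):
                parent = line[:-1]
    return [d for d, rights in granted.items() if right not in rights]

def fix_commands(dirs, user="_www", rights=UPLOAD_RIGHTS):
    """Build one macOS `chmod +a` command per directory lacking the ACE."""
    ace = f"user:{user} allow {rights}"
    return [f"chmod +a {shlex.quote(ace)} {shlex.quote(d)}" for d in dirs]

if __name__ == "__main__":
    for cmd in fix_commands(dirs_missing_right(SAMPLE, "uploads")):
        print(cmd)
```

The commands are only printed, so they can be reviewed before being run on the server.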