Collect.xsendfile,ZODB blob和UNIX文件权限

|| 我目前正在尝试配置Collector.xsendfile,Apache mod_xsendfile和Plone 4。 显然,Apache进程在文件系统上看不到blobstrage文件,因为它们包含许可权: ls -lh var / blobstorage / 0x00 / 0x00 / 0x00 / 0x00 / 0x00 / 0x18 / 0xd5 / 0x19 / 0x038ea09d0eddc611.blob -r -------- 1 plone plone 1006K May 28 15:30 var / blobstorage / 0x00 / 0x00 / 0x00 / 0x00 / 0x00 / 0x18 / 0xd5 / 0x19 / 0x038ea09d0eddc611.blob 如何配置Blobstorage赋予其他权限,以便Apache可以访问这些文件?     
2020-01-14 3 条评论
分享

没有找到相关结果

    已邀请:

    荤碗

            Blobstorage写入其目录和文件的方式在“ 0”中硬编码。具体来说,标准的“ 1”类默认情况下会创建安全目录(当前用户只能读写)。 您可以提供自己的
    FileSystemHelper
    实现,该实现可以使它可配置,或者仅将目录模式设置为
    0750
    ,然后修补
    ZODB.blob.BlobStorageMixin
    以使用您的类而不是默认类: 
    import os
from ZODB import utils
from ZODB.blob import FilesystemHelper, BlobStorageMixin
from ZODB.blob import log, LAYOUT_MARKER

class GroupReadableFilesystemHelper(FilesystemHelper):
    def create(self):
        if not os.path.exists(self.base_dir):
            os.makedirs(self.base_dir, 0750)
            log(\"Blob directory \'%s\' does not exist. \"
                \"Created new directory.\" % self.base_dir)
        if not os.path.exists(self.temp_dir):
            os.makedirs(self.temp_dir, 0750)
            log(\"Blob temporary directory \'%s\' does not exist. \"
                \"Created new directory.\" % self.temp_dir)

        if not os.path.exists(os.path.join(self.base_dir, LAYOUT_MARKER)):
            layout_marker = open(
                os.path.join(self.base_dir, LAYOUT_MARKER), \'wb\')
            layout_marker.write(self.layout_name)
        else:
            layout = open(os.path.join(self.base_dir, LAYOUT_MARKER), \'rb\'
                          ).read().strip()
            if layout != self.layout_name:
                raise ValueError(
                    \"Directory layout `%s` selected for blob directory %s, but \"
                    \"marker found for layout `%s`\" %
                    (self.layout_name, self.base_dir, layout))

    def isSecure(self, path):
        \"\"\"Ensure that (POSIX) path mode bits are 0750.\"\"\"
        return (os.stat(path).st_mode & 027) == 0

    def getPathForOID(self, oid, create=False):
        \"\"\"Given an OID, return the path on the filesystem where
        the blob data relating to that OID is stored.

        If the create flag is given, the path is also created if it didn\'t
        exist already.

        \"\"\"
        # OIDs are numbers and sometimes passed around as integers. For our
        # computations we rely on the 64-bit packed string representation.
        if isinstance(oid, int):
            oid = utils.p64(oid)

        path = self.layout.oid_to_path(oid)
        path = os.path.join(self.base_dir, path)

        if create and not os.path.exists(path):
            try:
                os.makedirs(path, 0750)
            except OSError:
                # We might have lost a race.  If so, the directory
                # must exist now
                assert os.path.exists(path)
        return path


def _blob_init_groupread(self, blob_dir, layout=\'automatic\'):
    self.fshelper = GroupReadableFilesystemHelper(blob_dir, layout)
    self.fshelper.create()
    self.fshelper.checkSecure()
    self.dirty_oids = []

BlobStorageMixin._blob_init = _blob_init_groupread
    颇为实用,您可能希望将此功能作为ZODB3的功能请求:-)     
    2020-01-14 0 0
    分享

    遣莫捅炭

            在为ZOPE / ZEO设置设置备份例程时,我遇到了具有Blob权限的相同问题。 在尝试应用Mikko编写的猴子补丁(不是那么容易)之后,我想出了一个“真实的”补丁来解决该问题。 Martijn建议的补丁程序不完整,但仍无法在Blob文件上设置正确的模式。 所以这是我的解决方案: 1.)创建一个包含以下内容的补丁: 
    Index: ZODB/blob.py
===================================================================
--- ZODB/blob.py    (Revision 121959)
+++ ZODB/blob.py    (Arbeitskopie)
@@ -337,11 +337,11 @@

     def create(self):
         if not os.path.exists(self.base_dir):
-            os.makedirs(self.base_dir, 0700)
+            os.makedirs(self.base_dir, 0750)
             log(\"Blob directory \'%s\' does not exist. \"
                 \"Created new directory.\" % self.base_dir)
         if not os.path.exists(self.temp_dir):
-            os.makedirs(self.temp_dir, 0700)
+            os.makedirs(self.temp_dir, 0750)
             log(\"Blob temporary directory \'%s\' does not exist. \"
                 \"Created new directory.\" % self.temp_dir)

@@ -359,8 +359,8 @@
                     (self.layout_name, self.base_dir, layout))

     def isSecure(self, path):
-        \"\"\"Ensure that (POSIX) path mode bits are 0700.\"\"\"
-        return (os.stat(path).st_mode & 077) == 0
+        \"\"\"Ensure that (POSIX) path mode bits are 0750.\"\"\"
+        return (os.stat(path).st_mode & 027) == 0

     def checkSecure(self):
         if not self.isSecure(self.base_dir):
@@ -385,7 +385,7 @@

         if create and not os.path.exists(path):
             try:
-                os.makedirs(path, 0700)
+                os.makedirs(path, 0750)
             except OSError:
                 # We might have lost a race.  If so, the directory
                 # must exist now
@@ -891,7 +891,7 @@
             file2.close()
         remove_committed(f1)
     if chmod:
-        os.chmod(f2, stat.S_IREAD)
+        os.chmod(f2, stat.S_IRUSR | stat.S_IRGRP)

 if sys.platform == \'win32\':
     # On Windows, you can\'t remove read-only files, so make the
    您也可以在这里查看补丁-> http://pastebin.com/wNLYyXvw 2.)将修补程序以名称“'blob.patch \”存储在构建根目录中 3.)扩展构建配置: 
    parts += 
    patchblob
    postinstall

[patchblob]
recipe = collective.recipe.patch
egg = ZODB3
patches = blob.patch

[postinstall]
recipe = plone.recipe.command
command = 
    chmod -R g+r ${buildout:directory}/var
    find ${buildout:directory}/var -type d | xargs chmod g+x
update-command = ${:command}
    安装后部分对现有的Blob设置所需的组读取权限。注意,还必须对blob文件夹授予执行权限,该组才能进入目录。 我已经使用ZODB 3.10.2和3.10.3测试了此补丁。 正如Martijn所建议的,这应该是可配置的,并且是ZODB的直接一部分。     
    2020-01-14 0 0
    分享
    为什么被折叠? 0 个回复被折叠

    要回复问题请先登录注册

    或代码 OrCode.com 备案号:粤ICP备15020848号-1
    Escape time: 0.038890838623047