From 21f6c9128fd871a07c73dcf19b7abd17ba30e761 Mon Sep 17 00:00:00 2001 From: Joseph Nuthalapati Date: Fri, 30 Aug 2024 15:51:30 +0530 Subject: [PATCH] django: Improve handling of file uploads 1. Set temporary directory to /var/tmp 2. Drop MemoryFileUploadHandler Tests: - During upload notice that file are in /var/tmp/system-private... folder instead of /var/tmp. - Upload a file but rename with another extension instead of moving to destination through changes in code. Notice that the file is available in /var/tmp/systemd-private... directory after the upload operation is completed. Stop the service and notice that the file has been deleted. Folder is empty after the service starts again. Signed-off-by: Joseph Nuthalapati [sunil: Add PrivateTmp=yes in plinth.service file] [sunil: Update comments] Signed-off-by: Sunil Mohan Adapa Reviewed-by: Veiko Aasa
---
 data/usr/lib/systemd/system/plinth.service | 1 +
 plinth/settings.py | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)
diff --git a/data/usr/lib/systemd/system/plinth.service b/data/usr/lib/systemd/system/plinth.service
index d50717327..15a9fd4ed 100644
--- a/data/usr/lib/systemd/system/plinth.service
+++ b/data/usr/lib/systemd/system/plinth.service
@@ -15,6 +15,7 @@ User=plinth
 Group=plinth
 StandardOutput=null
 StandardError=null
+PrivateTmp=yes
 
 [Install]
 WantedBy=multi-user.target
diff --git a/plinth/settings.py b/plinth/settings.py
index 1a982c3aa..61862f668 100644
--- a/plinth/settings.py
+++ b/plinth/settings.py
@@ -96,6 +96,23 @@ DEBUG = False
 # seems to avoid a warning while running 'django-admin makemigrations'.
 DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
 
+# /tmp, the default value for this setting, is mounted as tmpfs which is in
+# RAM. It can only handle files of size proportionate to the amount of
+# available RAM. /var/tmp is on a physical disk. Most of the time, /var/tmp
+# will on the same file system as the final destination of the uploaded file,
+# which is the app's storage folder in /var/lib/. This eliminates an extra disk
+# copy operation. Left over files in /var/tmp/ will be cleaned up when service
+# stops due to PrivateTmp=yes in service's systemd unit.
+FILE_UPLOAD_TEMP_DIR = '/var/tmp'
+
+# Disable MemoryFileUploadHandler to handle files of all sizes in the same way.
+# Uploaded files need to be handled by privileged methods (in a separate
+# process) in order to move to the target service's directory and set required
+# ownership and permissions.
+FILE_UPLOAD_HANDLERS = [
+ "django.core.files.uploadhandler.TemporaryFileUploadHandler",
+]
+
 # Overridden based on the configuration key server_dir
 FORCE_SCRIPT_NAME = '/plinth'
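Review bot: The comment above `FILE_UPLOAD_HANDLERS` says the temporary file is handed to a privileged method in a separate process, but it does not record what makes that hand-off safe once `PrivateTmp=yes` is set: the helper has to run inside this unit's mount namespace, because outside it the same `/var/tmp/...` path names the host's shared `/var/tmp` rather than the private one. I would add a line such as `# The privileged helper must share this unit's mount namespace and must check that the path is a regular file under FILE_UPLOAD_TEMP_DIR before moving it.`; whether the helper already does this is not visible in the hunk. The comment above `FILE_UPLOAD_TEMP_DIR` relies on a service stop to remove leftovers, so on a long-running service abandoned uploads stay on the physical disk, and no size bound is set here, so the comment should say where the upload size limit is enforced. Minor: `will on the same file system` is missing a word (`will be on`).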