1

My rails application (3.0.11) accesses the file system to download files that users have put onto the file system via SMB. Unfortunately, OS X Lion Server creates files via SMB with these permissions...

rwx --- --- user everyone

...but it does add the appropriate permissions via ACL. The user that rails is run under is "admin" which has full access to the files via the ACLs. Now the problem...

send_file says it cannot access the file. If I add POSIX permissions to the file for "everyone" in which admin is a part of like this...

rwx r-x --- user everyone

...then it can access it even though it should be able to access it only via ACLs. If I put the permissions back to...

rwx --- --- user everyone

...and then try a File.open instead of a send_file rails can read the file. I can even use the open file and feed it to send_data and that works, but I can't use X-Sendfile when I do this.

So what's going on with send_file?

Chris A.
  • 183
  • 11

1 Answers1

0

Rails is using http://rack.rubyforge.org/doc/Rack/Sendfile.html which basically introduces a header in the response (X-Sendfile). The Webserver is then responsible for sending the file to the client.

This is why you have to make the file accessible to the webserver user (on Debian based systems, this is usually www-data).

Have a look at the link above. It gives you configuration examples for Nginx, Lighttpd and Apache. But additionally, you have to make the file readable for (e.g.) www-data.

moritz
  • 25,477
  • 3
  • 41
  • 36
  • Right. But does the apache user honour ACL permissions? In my case it doesn't appear to. I have the Everyone ACL set for read, _www user is in the Everyone group yet it still cannot access the file. – Chris A. Feb 27 '12 at 17:01