upload_store_access
The `upload_store_access` directive sets the access permission for uploaded files stored in the specified directory.
Description
The upload_store_access directive specifies the access permissions for files stored through the upload_store directive in NGINX's upload module. This directive allows you to set the file permissions upon creation of the uploaded files in the specified directory. You can specify up to three parameters, typically consisting of the desired access mode, which can include numerical modes (e.g., 0644) or symbolic modes (e.g., 'user:rw', 'group:rw', 'other:r'). This flexibility allows administrators to fine-tune the file permissions based on the security requirements of the application.
When using this directive, it is important to understand that file permissions will only affect the files created during the upload process. The settings will not retroactively affect files that have already been uploaded. Additionally, if the permissions are not set according to the server's capabilities, the uploads might fail due to insufficient permission settings. Therefore, it is crucial to ensure that the web server's user has the necessary permissions to change file modes in the configured storage path.
This directive is especially useful in environments where security is crucial, allowing strict control over who can access the uploaded files and ensuring compliance with data protection policies.
Config Example
location /upload {
upload_store /tmp/uploads;
upload_store_access user:rw group:rw other:r;
upload_pass /upload/handler;
}Ensure the web server has permission to change file modes; otherwise, uploads will fail.
Remember that existing files won't be affected by this setting once they are created.
Setting overly permissive access can lead to security vulnerabilities. Use the least privilege principle.