Mindexperiment's avatar

Uploaded files permissions for ffmpeg processing

Hi folks,

I'm working with laravel to build a service for video management, I need to run 3 jobs each time a user upload a file on his own account. Everithing work well, the folder is set up, the file is uploaded and the jobs is called successfully but when it's time to ffmpeg the uploaded file and convert'em the system raise a Permission denied exception.

After a day of search I noticed that even if I set up permissions on public folder and files to 755 the uploaded file is saved with 0644 permission. This blocks groups and others writing and executing the file -> also ffmpeg is blocked.

How can I manage the permissionsof the uploaded files to reflect at least the permissions set on the server?

I save the file:

  $userPath = "{$request->user()->folder}/videos/{$adv->id}";
  $path = $request->file( 'uservideo' )->store( $userPath, 'public' );

then run a job

  ConvertVideoToLowQuality::dispatch( $x, $video )->onConnection( 'sqs' )->onQueue( 'my-queue' );

then log file

 devel.ERROR: ffmpeg failed to execute command '/usr/local/bin/ffmpeg' '-y' '-i' ....

If I call the ffmpeg command on the command line I can see the Permission Denied exception

Thank you

0 likes
2 replies
Mindexperiment's avatar

I continue making test on my server to make things works but I'm stuck against this problem.

I have added a new group "webserver", then assigned the group to users involved "ec2-user" and "apache". After this I set up my /var/www folder with the following commands:

//own the folder
sudo chown -R ec2-user:webserver /var/www
//change folder permissions
sudo chmod 2755 /var/www
//find all directory and set permission (also new directory)
find /var/www -type d -exec sudo chmod 2755 {} +
//find all files and set permission (also new files)
sudo find /var/www -type f -exec chmod 0664 {} +

//open storage and cache folder
sudo chmod -R ug+rwx storage bootstrap/cache

at this point I should be right for everything.. but.. I upload a new file in the public folder and the file has:

-rw-r--r-- 1 apache webserver 12080306 Dec 21 21:48 eXU7Ul6v1m6968WvmApCJ383p1riz0SxxcHsLfYI.qt

the file is owned by apache, with the group webserver but the permissions are 0644, closed for groups and others...

That's =( ..what's wrong? Thanks

Mindexperiment's avatar

I try again by managing permissions throug ACL, setting default permissions for group "webserver"

setfacl -R -d -m g:webserver:rw /var/www

and the uploaded file has:

-rw-r--r--+ 1 apache webserver 12080306 Dec 22 15:32 Y5ywiqhkmW6DbbdxPB7DG1iI24BfJQnLOXfx11cX.qt

always 644 permissions.... someone is kidding me.

I've already lost too much time on this problem. Can anyone tell me if it is possible to create a job that modifies the permissions each time a file is loaded?

Please or to participate in this conversation.