-
Notifications
You must be signed in to change notification settings - Fork 103
Description
The outcome of a lot of functions depends on vfsStream::getCurrentUser() but there is currently no vfsStream::setCurrentUser(). Instead, it is assumed the current Linux user is relevant or that testing everything as a single-user is sufficient.
In my experience this is not necessarily true. Scripts may be run as root and individual queue workers may run under varying users. (E.g. when files are shared with other non-web applications that run as different users for security purposes.)
Alternatively you may consider an option to disable owner/permission checking altogether, as those can still be tested for separately. (Note that some checks are missing/wrong already: normally only root can use chown, but in vfsStream any user can chown if they're the current owner.)