File with wrong rights deleted on save attempt

[Bacto]

Hi,

First, thank you for Filebrowser, it is very useful :)

When I'm trying to save a file (after editing it in Filebrowser), the file on the server is deleted if the permissions are wrong.

In my case, the root directory is owned by the same user as filebrowser is running.
But the file I'm trying to edit is owned by root (with 644 rights).

Here is how to reproduce the bug:

1. Start the container

docker run \
    -v /tmp/filebrowserTest:/srv \
    -p 8000:80 \
    --user $(id -u):$(id -g) \
    filebrowser/filebrowser --noauth -d /tmp/filebrowser.db

2. Set the rights

chown $(id -u):$(id -g) /tmp/filebrowserTest

touch /tmp/filebrowserTest/myFile
chown root:root /tmp/filebrowserTest/myFile
chmod 644 /tmp/filebrowserTest/myFile

3. open myFile in Filebrowser, edit it and save it. You will get a 403 (that's expected) but then go back to the directory and you will see that the file myFile has been removed by Filebrowser.

It seems related to this:
https://github.com/filebrowser/filebrowser/blob/master/http/resource.go#L178

Thanks,
Adrien

[ramiresviana]

Thanks for the report, files should not be deleted when an error occurs with the PUT method, that must be fixed. This happens when the server cannot write on the file but can delete it, deleting is handled by the directory permissions and not by the permissions of the file.