From 8717b26698e7d3bc243c60edd9b1e3abdd15f790 Mon Sep 17 00:00:00 2001
From: Mahan Noorbahr <m2.noorbahr@gmail.com>
Date: Thu, 16 Apr 2026 16:26:27 +0930
Subject: [PATCH] Change temporary file permissions to 666

Set permissions of the temporary file to 666 before replacing.
ComfyUI could be used in a shared environment and the restricted permissions introduced by this temporary file creation makes it so that workflows and other files saved through this endpoint are inaccessible by others.
---
 app/user_manager.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/user_manager.py b/app/user_manager.py
index e18afb71b..7eb74291b 100644
--- a/app/user_manager.py
+++ b/app/user_manager.py
@@ -383,6 +383,7 @@ class UserManager():
                 try:
                     with os.fdopen(fd, "wb") as f:
                         f.write(body)
+                    os.chmod(tmp_path, 0o666)
                     os.replace(tmp_path, path)
                 except:
                     os.unlink(tmp_path)