Quantcast

django ownership question

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

django ownership question

akleider
What is the standard or "best practice" with regard to ownership and
permissions regarding a django framework?
We have set up pathagar (1) (a django application) but are getting some
errors having to do with permissions and haven't been able to sort out
exactly why.

 Currently we have separate users: 'path' for the django files, and
apache2 is running as 'www-data'. We have added user www-data to the path
group and user path to the www-data group (and have set all group
permissions to the same as the owner permissions) but are still getting
permission errors when running one of the command line utilities. The
same command works fine if run as root.

Should all the django framework files be owned by the apache run user?

Any advice would be appreciated.

alex

1. "The Pathagar OPDS Book Server (https://github.com/sayamindu/pathagar)
now runs on the Marvell DreamPlug plug server. This plug server has
built-in
Wi-Fi access point and can run on 12 volts DC. Very cool!"
To view the full post:
https://plus.google.com/_/notifications/emlink?emrecipient=105869686236412461330&emid=CNi03vHWka8CFYUVQAodvXkAAA&path=%2F118336168615253613647%2Fposts%2FTg5PGbA5TYV%3Fgpinv%3DAMIXal9QDHblcc236FlGzSmtyeBtaujmab_7fccw4It5PGlv1PcoElPqf6JgznlyAvf7nu_vNlhPbiYPOlBQC3fLAitSSxHwlDRCAsgkc-xMKE2iSIK9aSU%26hl%3Den&dt=1333215532393






_______________________________________________
Baypiggies mailing list
[hidden email]
To change your subscription options or unsubscribe:
http://mail.python.org/mailman/listinfo/baypiggies
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: django ownership question

Isaac-18
Your application users need to have read permission on all parent directories. I believe I once had a permission problem because the parent directory holding my application was not readable by my Apache user.

On Sun, Apr 1, 2012 at 12:25 PM, <[hidden email]> wrote:
What is the standard or "best practice" with regard to ownership and
permissions regarding a django framework?
We have set up pathagar (1) (a django application) but are getting some
errors having to do with permissions and haven't been able to sort out
exactly why.

 Currently we have separate users: 'path' for the django files, and
apache2 is running as 'www-data'. We have added user www-data to the path
group and user path to the www-data group (and have set all group
permissions to the same as the owner permissions) but are still getting
permission errors when running one of the command line utilities. The
same command works fine if run as root.

Should all the django framework files be owned by the apache run user?

Any advice would be appreciated.

alex

1. "The Pathagar OPDS Book Server (https://github.com/sayamindu/pathagar)
now runs on the Marvell DreamPlug plug server. This plug server has
built-in
Wi-Fi access point and can run on 12 volts DC. Very cool!"
To view the full post:
https://plus.google.com/_/notifications/emlink?emrecipient=105869686236412461330&emid=CNi03vHWka8CFYUVQAodvXkAAA&path=%2F118336168615253613647%2Fposts%2FTg5PGbA5TYV%3Fgpinv%3DAMIXal9QDHblcc236FlGzSmtyeBtaujmab_7fccw4It5PGlv1PcoElPqf6JgznlyAvf7nu_vNlhPbiYPOlBQC3fLAitSSxHwlDRCAsgkc-xMKE2iSIK9aSU%26hl%3Den&dt=1333215532393






_______________________________________________
Baypiggies mailing list
[hidden email]
To change your subscription options or unsubscribe:
http://mail.python.org/mailman/listinfo/baypiggies


_______________________________________________
Baypiggies mailing list
[hidden email]
To change your subscription options or unsubscribe:
http://mail.python.org/mailman/listinfo/baypiggies
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: django ownership question

malcolm
Afaik, you don't need read permissions, but you *do* need execute permissions (ability to navigate the tree).

-m

On Sun, Apr 1, 2012 at 2:57 PM, Isaac <[hidden email]> wrote:
Your application users need to have read permission on all parent directories. I believe I once had a permission problem because the parent directory holding my application was not readable by my Apache user.

On Sun, Apr 1, 2012 at 12:25 PM, <[hidden email]> wrote:
What is the standard or "best practice" with regard to ownership and
permissions regarding a django framework?
We have set up pathagar (1) (a django application) but are getting some
errors having to do with permissions and haven't been able to sort out
exactly why.

 Currently we have separate users: 'path' for the django files, and
apache2 is running as 'www-data'. We have added user www-data to the path
group and user path to the www-data group (and have set all group
permissions to the same as the owner permissions) but are still getting
permission errors when running one of the command line utilities. The
same command works fine if run as root.

Should all the django framework files be owned by the apache run user?

Any advice would be appreciated.

alex

1. "The Pathagar OPDS Book Server (https://github.com/sayamindu/pathagar)
now runs on the Marvell DreamPlug plug server. This plug server has
built-in
Wi-Fi access point and can run on 12 volts DC. Very cool!"
To view the full post:
https://plus.google.com/_/notifications/emlink?emrecipient=105869686236412461330&emid=CNi03vHWka8CFYUVQAodvXkAAA&path=%2F118336168615253613647%2Fposts%2FTg5PGbA5TYV%3Fgpinv%3DAMIXal9QDHblcc236FlGzSmtyeBtaujmab_7fccw4It5PGlv1PcoElPqf6JgznlyAvf7nu_vNlhPbiYPOlBQC3fLAitSSxHwlDRCAsgkc-xMKE2iSIK9aSU%26hl%3Den&dt=1333215532393






_______________________________________________
Baypiggies mailing list
[hidden email]
To change your subscription options or unsubscribe:
http://mail.python.org/mailman/listinfo/baypiggies


_______________________________________________
Baypiggies mailing list
[hidden email]
To change your subscription options or unsubscribe:
http://mail.python.org/mailman/listinfo/baypiggies


_______________________________________________
Baypiggies mailing list
[hidden email]
To change your subscription options or unsubscribe:
http://mail.python.org/mailman/listinfo/baypiggies
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: django ownership question

Asheesh Laroia
In reply to this post by akleider
Excerpts from akleider's message of Sun Apr 01 12:25:59 -0400 2012:

> What is the standard or "best practice" with regard to ownership and
> permissions regarding a django framework?
> We have set up pathagar (1) (a django application) but are getting some
> errors having to do with permissions and haven't been able to sort out
> exactly why.
>
>  Currently we have separate users: 'path' for the django files, and
> apache2 is running as 'www-data'. We have added user www-data to the path
> group and user path to the www-data group (and have set all group
> permissions to the same as the owner permissions) but are still getting
> permission errors when running one of the command line utilities. The
> same command works fine if run as root.

The best practice, in my opinion, is to have the web server run
the Django code as a chosen uesr ID (in your case, 'path'). This is
fairly easy to do with e.g. mod_wsgi in daemon mode, the recommended
way to run it.

Then make sure the Django app's data paths (STATIC_FILES etc.) are
owned by that user ID.

Note that the Django "framework" (the .py files AKA Python modules that
make it possible to run 'import django' from Python) do not need to be
owned by anyone in particular. Make sure the runtime paths where your
Django app will be writing data are owned by the app's user ID.

Hope that helps!

P.S. Hi Alex, nice to see you here!
_______________________________________________
Baypiggies mailing list
[hidden email]
To change your subscription options or unsubscribe:
http://mail.python.org/mailman/listinfo/baypiggies
Loading...