I have some media content in ubuntu server. I can upload files. but when I try to load files it shows 403 forbidden nginx/1.10.3 (ubuntu).In file permission, it displays rw--------.
How can I retrieve all content without error?
I'm not familiar with Ubuntu
I used this snippet to recover files. However, it only works the single time. After some while, it shows the same error.
sudo chmod -R 664 /home/django/media/image/
sudo chmod -R a+X /home/django/media/image/
The nginx user must be able to read those files. You can use group permissions to allow that. Also the wsgi user must have its umask set so that files it creates are readable for the group as well.
In your case it looks like your wsgi user has umask 077, which makes files it creates only readable by the owner (rw--------). Thus nginx does not have read permission. Instead use umask 027, which will permit group users to access those files, but not write to them (there's no reason for nginx to have write access).
For example if you are using gunicorn as your wsgi server, you can use gunicorn flags --group www --umask 027. Make sure both gunicorn and nginx user belongs to the www group.
Fix permission something like this.
# set group to `www` for all files recursively
sudo chgrp www -R /home/django/media/
# set all files to be read/write by owner and readable by group `www`
find /home/django/media/ -type f -exec chmod 640 {} ;
# same with directories +execute
find /home/django/media/ -type d -exec chmod 750 {} ;
Alternatively, use 644 for files and 755 for directories, and 022 for umask. Then group permissions don't matter, since all users gets read access.
The latter option is not security best practice, but it's probably fine, as long as you only give the django user write access.
Related
While Submitting a form having media input its showing
[Errno 13] Permission denied: '/home/ubuntu/django/media/pictures'
I have searched in google but no one told giving permissions for media files , they ever all telling about static files only . Can any one please tell me which permission i have to give to it with chmod no.
You're having permissions issues. To fix it, you need to allow the Apache process access to the folder and it's content.
This can be done through the following steps
Change the permissions to read and write
chmod 664 /home/ubuntu/django/media/pictures -R
Give the group Apache runs under (www-data group) group ownership of the folder and its content
sudo chown -R :www-data ~/home/ubuntu/django/media/pictures
Restart the Apache service
sudo service apache2 restart
If you want to ensure Django behaves as it should, you can also add the following to your settings.py
FILE_UPLOAD_DIRECTORY_PERMISSIONS = 0o755
FILE_UPLOAD_PERMISSIONS = 0o644
I have created a Laravel project in laravel 5.4 and i have made it live using AWS server . Now the issue I face is I have to provide the 777 permission to storage folder very frequently and due to this the site is not working properly. Can anyone help me with this as what can be the issue ? I have already given 777 permission to storage folder but somehow the permission changes and site stops as it cannot write log in log file. Thanks in advance
Ideally giving 777 permissions means who have open the access to ANYONE in the world who can access your storage with all Read/Write permissions.
You need to assign permission to your Web server to access the Directories and files which you can do in following way:
www-XXX can be your webserver user
sudo chown -R www-xxx:www-xxx /path/to/your/laravel/root/directory
Now in order to grant the storage level permissions to your webserver you need to execute the below commands
sudo chgrp -R www-data storage bootstrap/cache
sudo chmod -R ug+rwx storage bootstrap/cache
I have my application running on an ec2 instance.
I can successfully ssh into my application but when I cd in to the correct folder and run ls I get the following error:
ls: cannot open directory '.': Permission denied
It seems like it has something to do with my user permissions because running the application also throws a 403 Forbidden error.
The permissions for my application folder are as follows:
d-wx-wx--x 17 ubuntu ubuntu 4096 Apr 20 10:53 application-name
Do I need to change this to something else to make it work? And how?
This error makes sense if you don't have enough privileges to read that directory. try changing the permissions for current user or change the access mode to global i.e 777
For example:
sudo bash
chmod 775 .
This is basically caused when the current user doesn't have enough permission to read/write/execute the contents of that directory.
Here's how you can fix it:
To grant the user permission to just the current directory, you could do this:
sudo chmod 775 directory_name
OR
sudo chmod a+rwx,o-w directory_name
To grant the user permission to the current directory, it's subdirectories and files, you could do this:
sudo chmod -R 775 directory_name
OR
sudo chmod -R a+rwx,o-w directory_name
Note:
chmod means change mode or in a more literal sense change access permissions.
-R means change files and directories recursively.
a means all users
r means read permission
w means write permission
x means execute permission
o means others
+ means add
- means remove.
So it means recursively add read, write and execute permissions to everyone, but then remove write permissions from others.
That's all.
I hope this helps
You don't have read permission on your folder.
Run chmod 775 application-name to allow read in your folder.
You'll find additional info about chmod at this link: https://kb.iu.edu/d/abdb
I have a hosted server on Google Cloud Platform (GCP), and I am trying to overwrite some files.
I was able to make a connection through WinSCP, and I'm able to find the directory of the files I need to overwrite, however, all files are read-only.
How can I manage the permissions to give myself add/change permissions?
I agree this seems to be related to permissions on the files. I am not able to comment and wanted to add that if you want to avoid changing the ownership of directory and files, you can always set up a group as an owner.
Details can be found on this discussion
Summarizing:
# groupadd mygroup
# useradd -G mygroup user1
# chown -R :mygroup /path/folder
# chmod -R g+rw /path/folder
Create new group ‘mygroup’
Adds user user1 to mygroup
Recursively grants group ownership to content of /path/folder/ to mygroup
Recursively grants group read & write permission to contents of /path/folder
This will effectively allow you to manage users in mygroup with the appropriate permissions and access.
You need to be the owner of the file in order to be able to make changes. For example, if root is the owner of the file, you won't be able to change it (since GCP doesn't allow root access through FTP).
What you should do is make you (the user logged through WinSCP) owner of the file using command line and then make changes to the file. Be careful to make the old owner of the file owner again.
For example, using Centos and WinSCP you should do this:
Login to your server with WinSCP
Login to your server through putty or any other command line client
in putty: sudo chown YOUR_USER /complete/URL/file/in/your/server.XYZ
make whatever changes you need to make to your file
in putty: sudo chown OLD_USER /complete/URL/file/in/your/server.XYZ
YOUR_USER is the user you are logged in on WinSCP.
OLD_USER can be apache, root or whatever
If you want to upload a new file you must take ownership of the folder. To do that do not specify the file on the chown command, for instance:
sudo chown YOUR_USER /complete/URL/folder/
Once you finish, give back ownership to OLD_USER.
This can be a pain but is the only way I found to edit my files in my GCP server...
Hope this helps.
I have a set of Django Log files, for which I have the appropriate logger set to write out messages. However each time it creates a new log file, the permissions on the file don't allow me to start the shell, and at times cause issues with apache.
I have ran chmod -Rv 777 on the directory, which sets all the permissions so we can do what we like, but the next logfile created, goes back to some default.
How can I set permissions on the logfiles to be created
Marc
Permissions on files created by a particular user depend on what mask is set for this particular user.
Now you need to set the appropriate permissions for whoever is running the apache service
ps -aux | grep apache | awk '{ print $1 }'
Then for this particular user running apache (www-data?)
sudo chown -R your_user:user_running_apache directory
where directory is the root directory of your django application.
To make sure that all the files that will be added to this directory in the future have
the correct permissions run:
sudo chmod -R g+s directory
I faced with the same problem - I had issues with starting shell and with celery due to rotated-log file permissions. I'm running my django-project through the uwsgi (which is running by www-data user) - so I handled it by setting umask for it (http://uwsgi-docs.readthedocs.org/en/latest/Options.html#umask).
Also I'm using buildout, so my fix looks like this:
[uwsgi]
recipe = buildout.recipe.uwsgi
xml-socket = /tmp/uwsgi.sock
xml-master = True
xml-chmod-socket = 664
xml-umask = 0002
xml-workers = 3
xml-env = ...
xml-wsgi-file = ...
After this log file permissions became 664, so group members of www-data group can also write into it.