GeoServer and CentOS. Permissions denied when trying to create a layer - django

I have a Django/Python map application. This application uses gdal library to create geotiffs and tiled layers. Everything works absolutely ok - geotiffs are nicely created, folders with tiles are also created. But there is a problem - I can not create a store and publish a layer, because geoserver says, that it does not have permissions to write to my Django folders. The error message looks like so:
'/var/www/django_project/django_project/layers/tiled/test_layer1/0/0.prj', "[Errno 13] Permission denied:
And multiple similar error messages. When I check permissions to test_layer1 folder, I see that it is 777 and the owner is apache (not apache tomcat, but apache httpd). I guess the whole problem is in the owner - geoserver for some reason is not able to write to these folders (inspite of 777 permisions). But I'm not sure what owner and what permissions I should set, so that both Django application (or perhaps I should say apache) could write to this folder and GeoServer could read and write to it. By the way, GeoServer is running on top of Apache Tomcat.

Related

Git clone causing issues with Windows permissions over SSH with django project

I've got a Django project which works great. Previously we just cloned down and used password authentication. I changed the remote to git#bitbucket.org:myteam/our_repo.git
Recently we started requiring 2FA, so now we can only clone down over SSH.
For this project, I created an access key (read-only, which is all I need for cloning down on a staging server) and I was able to clone down the repo (git clone git#bitbucket.org:myteam/our_repo.git) without issue and get it all set up. This appeared to have worked.
The other server admin remoted in and tried to run git pull origin master, he got a permission issue. His windows user is part of the Administrators group - but for some reason that didn't matter. His local user had to be added to the directory with full access before he could run git pull origin master
It appears that this permission issue is causing other issues, too. File uploads (from the Django admin) are no longer actually uploading the files into the directory on the server - my guess is that this is related to the permissions issue, too. Nothing was changed to impact this - the project was just cloned down over SSH.
Does cloning something down over SSH change the permissions on the directories or somehow lock it down more? This wasn't an issue before - only since we've switched over to SSH.
Any feedback is helpful!
Does cloning something down over SSH change the permissions on the directories or somehow lock it down more?
No, it does not change anything locally.
And 2FA is only impacting HTTPS URL (where your password must be a PAT, Persoanl Access Token)
It has no bearing on SSH URLS.
Check first ssh -Tv git#github.com output.

Django - share media files during development

I want developers to use the same development database while developing a Django project so I've created a remote server with Ubuntu 18.04, created Postgres database and allowed remote access.
The problem is that there are missing pictures - media directory is in .gitignore because of production server. How I make media being shared (and editable) so any developer can see any image and assign image to object?
I was thinking about sharing it through git or to store media on production server where Postgres is but not sure how and if it's the best way to do this.
Funny setup...
2 thoughts:
Shared DB sure you have your reasons but why are you running a centralized dev server vs having developers run local and gain access to terminal logs with a DATABASE configuration that points to the remote DB?
You can stash an empty media directory or any other -- description on how at How can I add an empty directory to a Git repository?

AWS EC2 RHEL7 Instance permission problem

I have set all the folders in my /var/www/upload directory to 755. But still my php application hosted on that server is not performing file uploads. Please tell me how to fix this permission problem and how my php file uploading will be working fine.
It does not shows any error. Just file is not moved to the intended folder.

bootstrap/autoload.php - Failed to open stream: permission denied

I'm working with a website running on laravel. The site works fine on my local through Homestead, no problems.
Recently, I pushed the git repo up to a server that never had this site running on it before. I set everything up right (had some nginx config issues for a while, but got those all sorted out). Nginx has the public folder set as the site root, so it hits the proper index page when you load the page.
What I'm getting is a 500 error. My error logs reveal the following is the reason:
site_root/public/../bootstrap/autoload.php - Failed to open stream: permission denied
in
site_root/public/index.php on line 22
I can confirm that the bootstrap folder and the autoload.php file are both accessible by the web user, and have permissions that should allow access.
I've read a few cases online of people solving this issue with a 'composer install'. I tried updating composer, doing an install, and dumping its cache. I also tried removing the vendor folder (which had been a part of the git repo), and running composer install to regenerate it. None of these have worked. Happy to supply any info that will help. This is Laravel 5.2 running on Ubuntu Server 14.04 with nginx, all on an AWS box.
Solved it. This was actually an issue with site-wide permissions. They were set to 770 instead of 775. I suspect that I can and should restrict them more. For now, I'm just happy to have it loading again.
Moral of the story is to check your permissions site-wide, not necessarily just on the file which gives you the fatal error. You may continue to get the same fatal error, despite permissions being wide-open on the mentioned file. If so, look for permissions issues elsewhere.

What are the 'correct' permission setting for django site running on apache2 server

I am very new to apache and django, so execuse me if this question is simple. I am trying to deploy an existing site to an apache server. For the time being, the site is still in development so I am only deploying it as a virtualhost on my local machine.
I am using Django's WSGI module in the deployment. In my site's config file, I have the following aliases:
Alias /media/ /home/tester/Desktop/siteRootDir/media
Alias /content/ /home/tester/Desktop/siteRootDir/content
WSGIScriptAlias /c /home/tester/Desktop/siteRootDir/deploy/site.wsgi
When I run apache and go to localhost/c I was getting the (13)PermissionDenied error in the apache log. To get around that error, I (admitedly stupidly) ran
chmod -R 777 /home/tester/Desktop/siteRootDir
I know that is not the way to deal with the issue, but I just wanted the site to work so I can continue its development.
So my question is, what are the correct permission settings to the siteRootDir directory and its sub-directories such that the site will run and I do not expose unnecessary files in the directory.
Also, I realize that this is not an ideal set up and I will likely run into problems when I deploy the site in production. Can anyone please suggest a better organizational approach to this?
Thanks!
The tightest permissions possible would be 0600 for files and 0700 for dir's and as a owner the user owning the apache processes. This user differs per OS and flavor (e.g. for OSX it's www, for Debian/Ubuntu it's www-data).
This would probably too tight for a development server. At least would you like to be able to modify all your files through your IDE of text editor, so either you should add ACLs for yourself (i.e. the user that edits the Django files, templates and static files).
Also, in a production server you want the apache user to be able to write to directories that hold web uploaded content. That would be somewhere in your static files section (or on a different dedicated static files server).