I use Django with supervisor. My project folder is located in foouser directory, however in supervisor, I chose to run the deployment process using a different user, which was created by
$ adduser --disabled-login www
Hence user www does not have access to the media and static folders of the django project since they are under a different user directory. I feel that just making the file-permissions 0777 is not a proper way for allowing user www to have access to the static and media files. I also feel that it might be a security risk to run the deployment process under foouser which has more privileges compared to user www.
What is the best approach for this?
You can change owner group of your media directory/files to www's group and give it full permission.
Another option is to put your media files under a directory where www user has access, (may be you can use symlink/hardlink to bring directory owned by www under your django project media path).
Related
I have purchased a Joomla website template (including all content and images) from www.templatemonster.com/. When I was originally developing the website on my local machine using MAMP I created a folder under the HTDOCS parent directory and access the website by typing 'localhost\folder name'.
I have attempted to copy the files to the '/opt/bitnami/apps/folder name' assuming that this would be the correct method given that /opt/bitnami/apps/ contains the folders and files for the phpmyadmin dashboard, however this doesn't seem to work.
I followed the instructions as per https://docs.bitnami.com/installer/apps/joomla/#how-to-install-multiple-joomla-applications-in-the-same-instance, but this doesn't work because the conf directory doesn't exist within the template files. I assume this is because the Bitnami Stack includes the conf and htdocs directories under the Joomla parent by default, whereas in MAMPS the htpdocs directory would be the parent to the directories containing the content and so forth.
Is there something I am missing from this process?
Thank you for your help.
I would advise you the following:
First make a backup of /opt/bitnami/apps/joomla
Once the backup is done. Copy the template to /opt/bitnami/apps/joomla/htdocs
If it is a template with database contents you will also need to migrate the template database to mysql. The included phpmyadmin can be helpful.
You will probably have to modify the configuration files in case they are overwritten. Use the previously backed up folder for reference.
I am making a django application that makes user of django's ImageField to upload a file to a specific folder. I am using this field for storing the user's profile pictures. But the problem is the path that I give to upload_to is dynamic and depends on user and will create directories if needed. i.e if the path is user/1/profile-pic/large/pic.jpg, it will create the directores, user/, user/1/ so on, if the are not already there. It worked fine in development. But now when I have put my website on a VM and serving it using apache. Django raises the permission denied error. As I have to make directories dynamically so I can't make them ahead of everything and change their permissions. So I was wondering if there is any of way of acoomplishing it.
You should chown you media directory to the user which runs you django app.
I uploaded a website that is working in the localhost using Akeeba backup. It is done by creating a new public_html at the host using its cpanel. Next i transfer the .jpa & the kickstart.php to this new folder. Finally i browse the kickstart.php and restore the website running on joomla 2.5.14.
Accessing the admin panel of Joomla, it reports all folders as WRITEABLE and site runs good. In cpanel all folders permission is set to 755 & files 644 as expected; i then change configuration.php to 444.
However when i try to edit the configuration.php in the host, i found i can't change the file permission or save any edit. This in fact affects all files. After informing the host, they change the file ownership setting, then in cpanel i CAN edit files BUT now Joomla reports all folders become UNWRITEABLE creating more problems eg cannot install new extension; some how Joomla no longer has edit rights to the folders.
More ... at this state, to make a folder WRITEABLE to Joomla, it must be set file permission to 777. It is unexpected & unacceptable; 775 is sufficient for Joomla to report as writeable ie if the host is doing the right thing for Joomla (as i found in another hosting site).
When i tell the host to change it back to the state after Akeeba restoration, they say that will mean they have to set the folders with ownership = nobody.
I would imagine ownership of folders & all its content can be made to be the cpanel user AND the joomla ie php/apache user. Can someone enlighten me this puzzle so that i can talk more intelligently with the host or point where i went wrong. I am getting no where with them.
PS: Latest Sharing Update
The solution is find a host that has Server API showing as cgi/fastcgi which mean that suPHP of Apache is enabled (sorry cannot post .jpg < 10 reputation)
With cgi, Joomla report all 755 folders as writeable.
Now the new question
If the host use Server API = Apache 2.0, how can i enable suPHP from the website?
As you have worked out, suPHP or FastCGI should usually be enabled for Joomla file permissions and file ownership to work as you would expect.
There is a good article on this at: http://boomshadow.net/tech/php-handlers
In a shared hosting environment you don't usually have access to change which PHP file handler is enabled but your web hosting company may be able to change this for you.
If your web hosting company can't enable suPHP or FastCGI, the only other option might be to find a new web hosting company.
My Django site lets users upload images. It's running on Apache.
Files are uploaded via a FileUpload form. The folder to which files are uploaded is outside the Django project, and protected as described here, i.e. the folder has 755 permissions and files have 644 permissions.
I now want to serve the images up to users - but I need to do it securely, so that executable scripts don't run, and so that users can't e.g. delete all the images in the directory.
My question is, how do I serve the uploaded images to users in a secure way? Can I serve them safely as static media directly from that folder, with those permissions? Or should I copy them into another directory with different permissions, and serve them from there?
I'm serving the other static media (/media/css) on the site as a separate, static application.
Thanks!
The way to do this is to configure your web server to serve files with the names it expects, and with a correct image content-type. Use Django's ImageField for some level of validation by PIL/Pillow that uploaded files are images. For this directory, disable webserver features like autogenerating directory indexes, autoserving everything from the filesystem, guessing at mime types, and running cgi scripts.
My host Djangohosting puts 777 by default for my Django folders, when I use their one-click Django installer.
I am not sure whether that is safe or not, since everyone can then apparently see my source code.
Which permissions should I use for Django folders at my server?
Anyone that has access to the files on the machine would actually have access to change your files with those permissions. A lot of times the web server will run under a different User ID (uid) than the uid of your user, so you will probably want to let other users read the files. Given that, you probably want permissions of 755 for directories and 644 for files.
For a detailed description of unix permissions, see here.