Which permissions should I use for Django folders at my server? - django

My host Djangohosting puts 777 by default for my Django folders, when I use their one-click Django installer.
I am not sure whether that is safe or not, since everyone can then apparently see my source code.
Which permissions should I use for Django folders at my server?

Anyone that has access to the files on the machine would actually have access to change your files with those permissions. A lot of times the web server will run under a different User ID (uid) than the uid of your user, so you will probably want to let other users read the files. Given that, you probably want permissions of 755 for directories and 644 for files.
For a detailed description of unix permissions, see here.
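As an added illustration of this answer (example code, not something the answerer posted), the script below brings a tree that an installer left at 777 down to 755 for directories and 644 for files, then audits it for anything still writable by "other" users. The project path is an assumption; the demonstration runs on a constructed throwaway tree.

```shell
#!/bin/sh
# Added example, not code from the original answer: bring a Django project
# tree from the installer's 777 down to the 755/644 the answer recommends,
# then audit it for anything still writable by "other" users.

# Recursively apply 755 to directories and 644 to regular files.
normalize_django_perms() {
    dir="$1"
    find "$dir" -type d -exec chmod 755 {} +
    find "$dir" -type f -exec chmod 644 {} +
}

# Print every entry under DIR that still carries the world-write bit
# (-perm -002 matches "others may write"). Returns 1 if any were found.
audit_world_writable() {
    dir="$1"
    found=$(find "$dir" -perm -002)
    if [ -n "$found" ]; then
        printf 'world-writable entries:\n%s\n' "$found"
        return 1
    fi
    return 0
}

# Demonstration on a constructed throwaway tree that mimics a 777 install.
# Returns 0 when the tree is clean after normalisation.
demo_django_perms() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/myproject/app"
    : > "$tmp/myproject/manage.py"
    : > "$tmp/myproject/app/views.py"
    chmod -R 777 "$tmp/myproject"        # what the one-click installer left behind
    normalize_django_perms "$tmp/myproject"
    if audit_world_writable "$tmp/myproject"; then rc=0; else rc=1; fi
    rm -rf "$tmp"
    return $rc
}

# Usage on a real deployment (/var/www/myproject is an assumed path):
# normalize_django_perms /var/www/myproject && audit_world_writable /var/www/myproject
```

Note that 755/644 still lets every local account read the source; that is what lets a web server running under a different uid serve the project. Secrets such as the settings file with database credentials can be tightened separately (e.g. 640 with the web server's group) without changing the rest of the tree.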

Related

Where should Django project files be located in a production server to allow multiple authorized users to manage?

If the project will be pulled from git, where should it go? I also need to give multiple authorized users access to manage the project. Also, how should virtualenv be handled in this scenario? My default virtualenv location would be ~/.env, so other users wouldn't be able to access it.
Personally, I think it should be as far as possible from any /home or /root directory. Also, servers are usually placed in the /etc or /var folder, like
/etc/myservice/ <-- but only available for sysadmin and the server
/var/myservice/ <-- access available just to myauthorizedgroup
It is very important to provide the read and write permissions just to the authorized users.
If you need help with permissions, this thread may help you.
Hope it helps :)
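The following is an added example (not the answerer's code) of how the /var/myservice layout with a myauthorizedgroup can be set up so that every member of the group can manage the tree while other accounts only read it. It assumes the group already exists (created once by root with `groupadd myauthorizedgroup`) and uses the setgid bit so files created later by any member inherit the group; the demonstration uses the caller's own primary group so it runs unprivileged.

```shell
#!/bin/sh
# Added example, not code from the original answer: lay out /var/myservice
# so that every member of myauthorizedgroup can manage the project while
# other accounts can only read it. The group is assumed to exist already
# (root creates it once with: groupadd myauthorizedgroup).

# Create DIR owned by GROUP with mode 2775: group-writable, and the setgid
# bit makes files/subdirectories created later inherit GROUP instead of
# the creating user's primary group.
setup_shared_project_dir() {
    dir="$1"; group="$2"
    mkdir -p "$dir"
    chgrp "$group" "$dir"
    chmod 2775 "$dir"
}

# Re-apply the policy to an existing tree, e.g. after one user's git pull
# created files with the wrong group or a loose umask.
fix_shared_tree() {
    dir="$1"; group="$2"
    chgrp -R "$group" "$dir"
    find "$dir" -type d -exec chmod 2775 {} +
    find "$dir" -type f -exec chmod 664 {} +
}

# Return 0 if every entry under DIR belongs to GROUP, nothing is
# world-writable and every directory carries setgid; otherwise list the
# offenders and return 1.
check_shared_tree() {
    dir="$1"; group="$2"
    bad=$(find "$dir" ! -group "$group" -o -perm -002 -o \( -type d ! -perm -2000 \))
    if [ -n "$bad" ]; then
        printf 'policy violations:\n%s\n' "$bad"
        return 1
    fi
    return 0
}

# Demonstration using the caller's own primary group so it runs unprivileged.
demo_shared_project() {
    tmp=$(mktemp -d)
    group=$(id -gn)
    setup_shared_project_dir "$tmp/myservice" "$group"
    : > "$tmp/myservice/settings.py"
    chmod 666 "$tmp/myservice/settings.py"   # simulate a sloppy upload
    fix_shared_tree "$tmp/myservice" "$group"
    if check_shared_tree "$tmp/myservice" "$group"; then rc=0; else rc=1; fi
    rm -rf "$tmp"
    return $rc
}

# Real usage (as root, after the group exists and users are added to it):
# setup_shared_project_dir /var/myservice myauthorizedgroup
```

Members of the group should also use a umask of 002 in their login shells so that files they create are group-writable from the start; `check_shared_tree` is the quick way to confirm nothing drifted after a deployment.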

Django - protect files from downloading by typing their exact url

I have an app which handles uploading/downloading files. It has users with different privileges, e.g. some users can download only certain files.
The problem is, if someone manages to type the exact URL of the file (e.g. localhost:8000/data/somefile.txt), they do not even need to be logged in and can see/download the file anyway.
Is there any way to prevent this?

Django How to allow apache to create directories?

I am making a Django application that makes use of Django's ImageField to upload a file to a specific folder. I am using this field for storing the user's profile pictures. But the problem is that the path I give to upload_to is dynamic, depends on the user, and will create directories if needed, i.e. if the path is user/1/profile-pic/large/pic.jpg, it will create the directories user/, user/1/ and so on, if they are not already there. It worked fine in development. But now that I have put my website on a VM and am serving it using Apache, Django raises a permission denied error. As I have to make directories dynamically, I can't make them ahead of time and change their permissions. So I was wondering if there is any way of accomplishing it.
You should chown your media directory to the user which runs your Django app.

Akeeba backup Joomla 2.5.14 & cpanel all files unwriteable

I uploaded a website that is working on localhost using Akeeba Backup. It is done by creating a new public_html at the host using its cPanel. Next I transfer the .jpa and the kickstart.php to this new folder. Finally I browse to kickstart.php and restore the website running on Joomla 2.5.14.
Accessing the admin panel of Joomla, it reports all folders as WRITEABLE and the site runs well. In cPanel all folder permissions are set to 755 and files to 644 as expected; I then change configuration.php to 444.
However, when I try to edit configuration.php at the host, I find I can't change the file permission or save any edit. This in fact affects all files. After informing the host, they change the file ownership setting; then in cPanel I CAN edit files, BUT now Joomla reports all folders as UNWRITEABLE, creating more problems, e.g. cannot install new extensions; somehow Joomla no longer has edit rights to the folders.
More... in this state, to make a folder WRITEABLE to Joomla, its file permission must be set to 777. It is unexpected and unacceptable; 775 is sufficient for Joomla to report as writeable, i.e. if the host is doing the right thing for Joomla (as I found on another hosting site).
When I tell the host to change it back to the state after the Akeeba restoration, they say that will mean they have to set the folders with ownership = nobody.
I would imagine ownership of folders and all their content can be made to be the cPanel user AND the Joomla, i.e. php/apache, user. Can someone enlighten me on this puzzle so that I can talk more intelligently with the host, or point out where I went wrong. I am getting nowhere with them.
PS: Latest Sharing Update
The solution is to find a host that has Server API showing as cgi/fastcgi, which means that suPHP for Apache is enabled (sorry, cannot post .jpg, < 10 reputation).
With cgi, Joomla reports all 755 folders as writeable.
Now the new question
If the host uses Server API = Apache 2.0, how can I enable suPHP from the website?
As you have worked out, suPHP or FastCGI should usually be enabled for Joomla file permissions and file ownership to work as you would expect.
There is a good article on this at: http://boomshadow.net/tech/php-handlers
In a shared hosting environment you don't usually have access to change which PHP file handler is enabled but your web hosting company may be able to change this for you.
If your web hosting company can't enable suPHP or FastCGI, the only other option might be to find a new web hosting company.

Django: File permissions media and static files

I use Django with supervisor. My project folder is located in the foouser directory; however, in supervisor I chose to run the deployment process using a different user, which was created by
$ adduser --disabled-login www
Hence user www does not have access to the media and static folders of the Django project, since they are under a different user's directory. I feel that just making the file permissions 0777 is not a proper way of allowing user www to have access to the static and media files. I also feel that it might be a security risk to run the deployment process under foouser, which has more privileges compared to user www.
What is the best approach for this?
You can change the owner group of your media directory/files to www's group and give it full permissions.
Another option is to put your media files under a directory where the www user has access (maybe you can use a symlink/hardlink to bring a directory owned by www under your Django project media path).
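This added example (not code from either answer) shows the ownership/group approach suggested both here and in the ImageField question above: media/ is handed to the account that runs the app (www here, the Apache user there) so upload_to can create its nested directories, the deploying user keeps access through a setgid group, static/ stays read-only, and a verification step refuses the 0777 shortcut. The user, group and paths are assumptions; the demonstration uses the caller's own user and primary group so it runs unprivileged, whereas on a real host `chown` to www needs root.

```shell
#!/bin/sh
# Added example, not code from either answer above: give the account that
# runs the Django app (the "www" user here, or the Apache user in the
# ImageField question) write access to media/ so upload_to can create its
# subdirectories, keep static/ read-only, and refuse to fall back to 0777.
# APP_USER, DEPLOY_GROUP and the paths are assumptions for the demonstration.

# media/: owned by the app user (so it may create directories), group set to
# the deploy group with setgid so the deploying human keeps access; others
# get no write bit.
grant_media_write() {
    media="$1"; app_user="$2"; deploy_group="$3"
    mkdir -p "$media"
    chown -R "$app_user:$deploy_group" "$media"
    find "$media" -type d -exec chmod 2775 {} +
    find "$media" -type f -exec chmod 664 {} +
}

# static/: collectstatic output only needs to be readable by the web server.
make_static_readonly() {
    static="$1"
    find "$static" -type d -exec chmod 755 {} +
    find "$static" -type f -exec chmod 644 {} +
}

# Return 0 if nothing under MEDIA or STATIC is world-writable, all of MEDIA
# is owned by APP_USER, and STATIC carries no group write bit.
verify_layout() {
    media="$1"; static="$2"; app_user="$3"
    if [ -n "$(find "$media" "$static" -perm -002)" ]; then
        echo "refusing: world-writable entries present"; return 1
    fi
    if [ -n "$(find "$media" ! -user "$app_user")" ]; then
        echo "media/ has entries not owned by $app_user"; return 1
    fi
    if [ -n "$(find "$static" -perm -020)" ]; then
        echo "static/ is group-writable"; return 1
    fi
    return 0
}

# Demonstration on a constructed tree, starting from the tempting 0777 state.
demo_media_layout() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/media" "$tmp/static/css"
    : > "$tmp/static/css/site.css"
    chmod -R 777 "$tmp/media" "$tmp/static"       # the shortcut the question rejects
    grant_media_write "$tmp/media" "$(id -un)" "$(id -gn)"
    make_static_readonly "$tmp/static"
    # the nested path upload_to would create, made by the app user
    (umask 022; mkdir -p "$tmp/media/user/1/profile-pic/large")
    if verify_layout "$tmp/media" "$tmp/static" "$(id -un)"; then rc=0; else rc=1; fi
    rm -rf "$tmp"
    return $rc
}

# Real usage (as root; /srv/myproject is an assumed path, deploy an assumed group):
# grant_media_write /srv/myproject/media www deploy
# make_static_readonly /srv/myproject/static
# verify_layout /srv/myproject/media /srv/myproject/static www
```

Because media/ subdirectories created by the app inherit the setgid group, the deploying user can still clean up or back up uploads without becoming www, and nothing in the tree is writable by unrelated accounts on the box.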