Monday, July 11, 2016

ubuntu - Apache taking ownership of file and folder



I have a Django site running on Ubuntu with apache2 configured with mod_wsgi. The media folder (where user-uploaded files go) is owned by the ubuntu user (with sudo access), and the group of the media folder is www-data. When new folders or files are created by Apache in the media folder, an external Python process (e.g. subprocess.Popen) is not able to write in that folder, as that particular folder is owned by www-data. What is the solution to this problem?



What I have done so far (django is the system user):



    sudo chown django:django -R mysite/media/
    sudo chgrp -R www-data mysite/media/
    sudo chmod -R g+w mysite/media/


ls -la result of media folder (media folder contains some other folders named with integers):



    drwxr-sr-x 2 www-data www-data 4096 Jun  8 02:20 11
    drwxrwsr-x 6 django   www-data 4096 Jun  7 18:15 10
    drwxrwsr-x 5 django   www-data 4096 Jun  7 18:13 9
    drwxrwsr-x 5 django   www-data 4096 Jun  7 18:11 8



As you can see, the newly created folder 11 is owned by www-data, not by the django user.



What else I have tried:




  • I have tried adding the user django to the www-data group, but nothing helps



Please help!




Update



Unfortunately, Daniel's solution also does not work for me (still getting IOError: [Errno 13] Permission denied). Here is the result of the command getfacl mysite/site_media/:



Before



    # file: mysite/site_media/
    # owner: django
    # group: www-data
    user::rwx
    group::rwx
    other::r-x


After (sudo setfacl -d -R -m g:www-data:rwx mysite/site_media/)



    # file: mysite/site_media/
    # owner: django
    # group: www-data
    user::rwx
    group::rwx
    other::r-x
    default:user::rwx
    default:group::rwx
    default:group:www-data:rwx
    default:mask::rwx
    default:other::r-x

Answer




You can use file access control lists, in this case setfacl, to set the default file permissions to allow write operations for the group. If you have added django to the www-data group, then with the following command, the django user will have write permission on any files owned by the www-data user.



    setfacl -d -R -m g:www-data:rwx mysite/media/


Note: you will need to install the acl package using apt-get install acl if it is not installed. Also make sure ACLs are enabled for your partition - this link might help.
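
A check for the symptom visible in the question's listing (folder 11 is drwxr-sr-x, so members of the group cannot create files in it), added here as an example that is not part of the original question or answer. It assumes the directory was created under umask 022, which matches the mode shown; the function names and the temporary tree are constructed for illustration.

```python
import os
import stat
import tempfile


def make_dir(path, umask):
    """Create `path` the way a process running with `umask` would."""
    old = os.umask(umask)
    try:
        os.mkdir(path)  # requested mode 0o777, filtered by the umask
    finally:
        os.umask(old)


def audit_shared_tree(root):
    """Return {relative_dir: [problems]} for directories that members of the
    tree's group cannot write to, or that break group inheritance."""
    expected_gid = os.stat(root).st_gid
    findings = {}
    for dirpath, _dirnames, _files in os.walk(root):
        st = os.stat(dirpath)
        problems = []
        if st.st_gid != expected_gid:
            problems.append("group differs from root")
        if not st.st_mode & stat.S_IWGRP:
            problems.append("no group write")
        if not st.st_mode & stat.S_ISGID:
            problems.append("no setgid")
        if problems:
            findings[os.path.relpath(dirpath, root)] = problems
    return findings


def build_demo_tree():
    """Constructed tree mirroring the listing: 10 is group-writable, 11 is not."""
    root = tempfile.mkdtemp(prefix="media-")
    os.chmod(root, 0o2775)                      # drwxrwsr-x, like folders 8-10
    make_dir(os.path.join(root, "10"), 0o002)   # umask 002 keeps g+w
    make_dir(os.path.join(root, "11"), 0o022)   # assumed web-server umask
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    for rel, problems in sorted(audit_shared_tree(demo).items()):
        mode = stat.filemode(os.stat(os.path.join(demo, rel)).st_mode)
        print(rel, mode, ", ".join(problems))
```

Calling audit_shared_tree("mysite/media") before and after a permission change shows which directories still lack group write.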

