Django的[错误13]许可被拒绝:“/无功/网络/媒体/动物/ user_uploads” [英] Django [Errno 13] Permission denied: '/var/www/media/animals/user_uploads'
问题描述
我开发一个Django API将在Apache2的顶部通过WSGI运行Ubuntu的服务器上运行。
用户可以上传他们采取使用POST请求的服务器的照片。该API处理该请求,然后尝试写入图像以 /无功/网络/媒体/动物/ user_uploads /< animal_type> /< picture_name> .JPG
。如果没有目录 /无功/网络/媒体/动物/ user_uploads /< animal_type> /
它会创建它。
在开发过程中的一切测试很好,使用的是Windows和Linux的科学都。当部署服务器上测试时,我收到此错误:
据我了解,Apache2的服务器使用的用户身份运行 www数据
。就我而言,运行猫/ etc / passwd文件
来获取用户列表,这是我得到 www数据
:
WWW的数据:X:33:33:WWW的数据:在/ var / WWW:/ bin / sh的
块引用>我假定这意味着
www数据
访问一切都在/无功/网络/
。我曾尝试:
搭配chmod 777 -R媒体
块引用>这工作,但它显然是解决这是一个非常糟糕的方式。有没有更好的办法来解决这个?
这是我的wsgi.py:
进口操作系统,SYS
os.environ.setdefault(DJANGO_SETTINGS_MODULE,serengeti.settings)
sys.path.append('/塞伦盖蒂/ Django的/塞伦盖蒂')
sys.path.append('/塞伦盖蒂/ Django的)从django.core.wsgi进口get_wsgi_application
应用= get_wsgi_application()我有这在我的
settings.py
文件:MEDIA_ROOT ='/无功/网络/媒体/
MEDIA_URL = os.path.join(BASE_DIR,'/媒体/')我的
vhost.conf
包含此:别名/媒体/在/ var / WWW /媒体/
解决方案我到底解决了这个自己。
在对开发机器上运行,我其实用我的当前用户的权限运行。但是,部署服务器上运行时,我其实通过
WSGI
运行,这意味着它使用www数据运行
的权限。
www数据
既不是所有者也不是组拥有/无功/网络
用户英寸这意味着www数据
被视为等
并设置到其他用户的权限。在 BAD 解决方案,这将是要做到:
sudo的搭配chmod -R 777 /无功/网络/
这将使每个人都在
/无功/网络/
完全获得的一切,这显然是一个非常糟糕的主意。另一个 BAD 的解决办法是要做到:
须藤CHOWN -R www数据的/ var / WWW /
这将所有者更改为
www数据
,打开安全漏洞。在好的解决方案是:
须藤GROUPADD varwwwusers
须藤的adduser www数据varwwwusers
须藤chgrp命令-R varwwwusers在/ var / WWW /
须藤搭配chmod -R 770 /无功/网络/这增加了
www数据
到varwwwusers
组,然后将其设置为组/无功/网络/
及其所有子文件夹。搭配chmod
会给读,写,执行权限的所有者和组,同时阻止任何其他用户访问它。I am developing a django API which will be running on top of Apache2 via WSGI on a server running Ubuntu.
Users will be able to upload pictures they take to the server using a POST request. The API processes this request and then attempts to write the image to
/var/www/media/animals/user_uploads/<animal_type>/<picture_name>.jpg
. In case there is no directory/var/www/media/animals/user_uploads/<animal_type>/
it will create it.When testing during development everything was fine, both using Windows and Scientific Linux. When testing on the deployment server, I receive this error:
From what I understand, the Apache2 server is running using the user
www-data
. In my case, runningcat /etc/passwd
to get the list of users, this is what I get forwww-data
:www-data:x:33:33:www-data:/var/www:/bin/sh
I am assuming this means that
www-data
has access to everything in/var/www/
. I have tried:chmod 777 -R media
This worked but it is obviously a very bad way to solve this. Is there a better way to solve this?
This is my wsgi.py:
import os, sys os.environ.setdefault("DJANGO_SETTINGS_MODULE", "serengeti.settings") sys.path.append('/serengeti/django/serengeti') sys.path.append('/serengeti/django') from django.core.wsgi import get_wsgi_application application = get_wsgi_application()
I have this in my
settings.py
file:MEDIA_ROOT = '/var/www/media/' MEDIA_URL = os.path.join(BASE_DIR,'/media/')
My
vhost.conf
contains this:Alias /media/ /var/www/media/
解决方案I have solved this myself in the end.
When running on the development machines, I am in fact running using my current user's privileges. However, when running on the deployment server, I am in fact running through
wsgi
, which means it's running usingwww-data
's privileges.
www-data
is neither the owner nor in the group of users that own/var/www
. This means thatwww-data
is treated asother
and has the permissions set to others.The BAD solution to this would be to do:
sudo chmod -R 777 /var/www/
This would give everyone full access to everything in
/var/www/
, which is obviously a very bad idea.Another BAD solution would be to do:
sudo chown -R www-data /var/www/
This would change the owner to
www-data
, which opens security vulnerabilities.The GOOD solution would be:
sudo groupadd varwwwusers sudo adduser www-data varwwwusers sudo chgrp -R varwwwusers /var/www/ sudo chmod -R 770 /var/www/
This adds
www-data
to thevarwwwusers
group, which is then set as the group for/var/www/
and all of its subfolders.chmod
will give read, write, execute permissions to the owner and the group, while blocking any other users from accessing it.这篇关于Django的[错误13]许可被拒绝:“/无功/网络/媒体/动物/ user_uploads”的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!