Django的[错误13]许可被拒绝:“/无功/网络/媒体/动物/ user_uploads” [英] Django [Errno 13] Permission denied: '/var/www/media/animals/user_uploads'
问题描述
我开发一个Django API将在Apache2的顶部通过WSGI运行Ubuntu的服务器上运行。
用户可以上传他们采取使用POST请求的服务器的照片。该API处理该请求,然后尝试写入图像以 /无功/网络/媒体/动物/ user_uploads /< animal_type> /< picture_name> .JPG 。如果没有目录 /无功/网络/媒体/动物/ user_uploads /< animal_type> / 它会创建它。
在开发过程中的一切测试很好,使用的是Windows和Linux的科学都。当部署服务器上测试时,我收到此错误:
据我了解,Apache2的服务器使用的用户身份运行 www数据。就我而言,运行猫/ etc / passwd文件来获取用户列表,这是我得到 www数据:
WWW的数据:X:33:33:WWW的数据:在/ var / WWW:/ bin / sh的
我假定这意味着
www数据访问一切都在/无功/网络/。我曾尝试:
搭配chmod 777 -R媒体
这工作,但它显然是解决这是一个非常糟糕的方式。有没有更好的办法来解决这个?
这是我的wsgi.py:
进口操作系统,SYS
os.environ.setdefault(DJANGO_SETTINGS_MODULE,serengeti.settings)
sys.path.append('/塞伦盖蒂/ Django的/塞伦盖蒂')
sys.path.append('/塞伦盖蒂/ Django的)从django.core.wsgi进口get_wsgi_application
应用= get_wsgi_application()我有这在我的
settings.py文件:MEDIA_ROOT ='/无功/网络/媒体/
MEDIA_URL = os.path.join(BASE_DIR,'/媒体/')我的
vhost.conf包含此:别名/媒体/在/ var / WWW /媒体/
解决方案我到底解决了这个自己。
在对开发机器上运行,我其实用我的当前用户的权限运行。但是,部署服务器上运行时,我其实通过
WSGI运行,这意味着它使用www数据运行的权限。
www数据既不是所有者也不是组拥有/无功/网络用户英寸这意味着www数据被视为等并设置到其他用户的权限。在 BAD 解决方案,这将是要做到:
sudo的搭配chmod -R 777 /无功/网络/这将使每个人都在
/无功/网络/完全获得的一切,这显然是一个非常糟糕的主意。另一个 BAD 的解决办法是要做到:
须藤CHOWN -R www数据的/ var / WWW /这将所有者更改为
www数据,打开安全漏洞。在好的解决方案是:
须藤GROUPADD varwwwusers
须藤的adduser www数据varwwwusers
须藤chgrp命令-R varwwwusers在/ var / WWW /
须藤搭配chmod -R 770 /无功/网络/这增加了
www数据到varwwwusers组,然后将其设置为组/无功/网络/及其所有子文件夹。搭配chmod会给读,写,执行权限的所有者和组,同时阻止任何其他用户访问它。I am developing a django API which will be running on top of Apache2 via WSGI on a server running Ubuntu.
Users will be able to upload pictures they take to the server using a POST request. The API processes this request and then attempts to write the image to
/var/www/media/animals/user_uploads/<animal_type>/<picture_name>.jpg. In case there is no directory/var/www/media/animals/user_uploads/<animal_type>/it will create it.When testing during development everything was fine, both using Windows and Scientific Linux. When testing on the deployment server, I receive this error:
From what I understand, the Apache2 server is running using the user
www-data. In my case, runningcat /etc/passwdto get the list of users, this is what I get forwww-data:www-data:x:33:33:www-data:/var/www:/bin/sh
I am assuming this means that
www-datahas access to everything in/var/www/. I have tried:chmod 777 -R media
This worked but it is obviously a very bad way to solve this. Is there a better way to solve this?
This is my wsgi.py:
import os, sys os.environ.setdefault("DJANGO_SETTINGS_MODULE", "serengeti.settings") sys.path.append('/serengeti/django/serengeti') sys.path.append('/serengeti/django') from django.core.wsgi import get_wsgi_application application = get_wsgi_application()I have this in my
settings.pyfile:MEDIA_ROOT = '/var/www/media/' MEDIA_URL = os.path.join(BASE_DIR,'/media/')My
vhost.confcontains this:Alias /media/ /var/www/media/
解决方案I have solved this myself in the end.
When running on the development machines, I am in fact running using my current user's privileges. However, when running on the deployment server, I am in fact running through
wsgi, which means it's running usingwww-data's privileges.
www-datais neither the owner nor in the group of users that own/var/www. This means thatwww-datais treated asotherand has the permissions set to others.The BAD solution to this would be to do:
sudo chmod -R 777 /var/www/This would give everyone full access to everything in
/var/www/, which is obviously a very bad idea.Another BAD solution would be to do:
sudo chown -R www-data /var/www/This would change the owner to
www-data, which opens security vulnerabilities.The GOOD solution would be:
sudo groupadd varwwwusers sudo adduser www-data varwwwusers sudo chgrp -R varwwwusers /var/www/ sudo chmod -R 770 /var/www/This adds
www-datato thevarwwwusersgroup, which is then set as the group for/var/www/and all of its subfolders.chmodwill give read, write, execute permissions to the owner and the group, while blocking any other users from accessing it.这篇关于Django的[错误13]许可被拒绝:“/无功/网络/媒体/动物/ user_uploads”的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
