Django created folder can't be removed apache on Centos 7 - python

I have a django application which creates a work directory for a package. This is done with:
    if not os.path.exists(dest):
        os.makedirs(dest)
The creation of the folder works great, but when the django application later tries to remove the very same folder, I get "Permission denied".
Apparently the folder and files created by django are owned by root and not by apache. Why are they not owned by apache if apache created them? How can I make apache and django create them as apache?

Maybe this helps you:
Permission problems when creating a dir with os.makedirs (python)
According to the official python documentation the mode argument of the os.makedirs function may be ignored on some systems, and on systems where it is not ignored the current umask value is masked out.
Either way, you can force the mode to 0777 using the os.chmod function.
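
An added example (not part of the original answer) showing how the umask filters the mode passed to os.makedirs and how an explicit os.chmod sets the intended bits. The names perm, make_workdir and demo, the 0o750 target mode and the 0o022 umask are assumptions chosen for illustration.

```python
import os
import tempfile


def perm(path):
    """Permission bits (rwx for user/group/other) of `path`."""
    return os.stat(path).st_mode & 0o777


def make_workdir(path, mode=0o750):
    """Create `path` and any missing parents with exactly `mode`.

    Hypothetical helper: each directory is created owner-only, then set
    with os.chmod, which the umask does not filter.
    """
    missing = []
    head = os.path.abspath(path)
    while not os.path.isdir(head):      # walk up until an existing directory
        missing.append(head)
        head = os.path.dirname(head)
    for d in reversed(missing):         # create top-down
        os.mkdir(d, 0o700)
        os.chmod(d, mode)
    return [perm(d) for d in reversed(missing)]


def demo(umask=0o022):
    """Return ([parent, leaf] modes from os.makedirs, same from make_workdir)."""
    old = os.umask(umask)               # constructed scenario: a common daemon umask
    try:
        with tempfile.TemporaryDirectory() as base:
            leaf = os.path.join(base, "pkg", "work")
            # The requested mode is masked by the umask and, on Python 3.7+,
            # applies to the leaf only; parents get 0o777 & ~umask.
            os.makedirs(leaf, mode=0o770)
            plain = [perm(os.path.dirname(leaf)), perm(leaf)]
            fixed = make_workdir(os.path.join(base, "pkg2", "work"))
    finally:
        os.umask(old)                   # restore the process umask
    return plain, fixed
```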

It appears that the optimal solution is to set the uid that django will use in wsgi.py. By explicitly setting the user to be 'apache' for the current python process, every file that is created belongs to the user 'apache'. I found this out after Nicos Mouzourss answer.
To set the uid:
import os, pwd
os.setuid(pwd.getpwnam('apache').pw_uid)

Related

Saving a html file to public_html

I have a small Flask application that runs fine locally, however when I go to run the application on my server, it runs but I am not able to get the output to save to a public_html folder.
This is the area I believe I am having the issue, when I run the application remotely:
df.to_html('/home/mydomain/public_html/data/candles.html', index = False)
If I run the application locally, this location works fine:
df.to_html('candles.html', index = False)
I have ensured that the remote folder 'data' has full access - 0777.
What am I doing wrong?
If you don't have an exception occurring, then very likely the file was saved, but not where you think it should have been. If you did not provide a full path, the destination will be relative to the application directory. The solution is to be explicit and provide a full path, unless you are using some Flask functions that already have a default setting.
You should never grant 0777 permissions on public_html, that is a potential vulnerability. For example, someone could upload a shell to that directory if they can leverage a security flaw on your website.
There is not enough context, but the user running the process (Apache, Nginx or whatever) should not have write permissions here. If you must grant write permissions, create a dedicated directory (preferably outside the webroot unless the files have to be exposed to the user), then add some directives to stipulate that files present in the directory cannot be executed, so that even if a webshell is uploaded it cannot run.

Accessing user home directory from django

I'm creating a Django app that can access the user's home directory. For this purpose I want to create a directory using something like os.mkdir('/home/user/new_directory') or a subprocess command.
Because Django is started by an apache server, python acts as the apache user and can't access my users' home directories.
Currently, I know the login of my users because they have to be logged in on the website. Is there a solution to perform unix commands from Django/Python in the name of the user?
You can set the home directories via MEDIA_URL /or symlink itself.
I think of a combined approach of symlink and os.system calls.
what-is-symlinking-and-how-can-learn-i-how-to-to-do-this
To change the apache user, use os.system(su <command>)
changing-user-in-python

Django uwsgi subprocess and permissions

I'm trying to generate PDF file from Latex template. I've done it in development environment (running python manage.py straight from eclipse)... but I can't make it work into the server, which is running using cherokee and uwsgi.
We have realized that open(filename) creates a file owned by root (also root group). This isn't taking place in the development environment... but the strangest thing about this issue is that somewhere else in our code we are creating a text file (what latex uses is a text file too), but it's created with the user cherokee is supposed to use, not root!
What happened? How can we fix it?
We are running this code on ubuntu linux and a virtual environment both in development and production.
We started following some instructions to do it using python's temporary file and folder creation functions, but we thought that it could be something related with them, and created them "manually" in order to try to solve this issue... but it didn't work.
As I've said in my comments, this issue was related to supervisord. I've solved it by assigning the right path and user in the "environment" variable of supervisord's config file.

Python how to create pycache folder without using super user's authority?

I need to listen on a linux port to run my service. So, I always start the python program with sudo privilege, which makes the files created by the program, like pycache and .pyc files, also get the super user's authority; the files and directories can only be removed in sudo mode. That's very inconvenient. So, is there a way to tell python to create normal folders and files?
Running a script as root just so you can listen on privileged ports is not good practise (unless the script really does require root).
If your script doesn't require root, then I would recommend using setuid/setgid to drop privileges after you have set up the privileged port socket.
This has already been answered in detail here;
Dropping Root Permissions In Python
Edit: OP mentioned that the pyc file created still has root permissions. You could use the suid bit (chmod u+s script.py) then setuid(0) to gain root permissions during runtime, ensuring the file ownership is not root. Setting the suid bit for only the file owner also means other users cannot abuse the suid bit.
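
An added example (not code from either answer) of the privilege drop described here and in the wsgi.py answer further up: bind the port as root, then switch groups and uid in that order and confirm root cannot be regained. The function names, the umask and the listen backlog are assumptions; any account name such as 'apache' is supplied by the caller.

```python
import os
import pwd
import socket


def drop_privileges(username, umask=0o027):
    """Permanently switch this process from root to `username`.

    Returns the (uid, gid) now in effect; raises if not started as root.
    """
    if os.geteuid() != 0:
        raise PermissionError("must start as root to change identity")
    pw = pwd.getpwnam(username)
    # Order matters: supplementary groups and gid first, uid last.
    # After the uid is dropped the process can no longer change its groups,
    # so setuid alone would leave root's groups attached.
    os.setgroups(os.getgrouplist(pw.pw_name, pw.pw_gid))
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)
    os.umask(umask)                  # files created from here on are not world-writable
    try:
        os.setuid(0)                 # must fail once the drop is complete
    except OSError:
        pass
    else:
        raise RuntimeError("root privileges can still be regained")
    return os.getuid(), os.getgid()


def bind_then_drop(port, username, host="0.0.0.0"):
    """Bind a privileged port while still root, then shed root before serving."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))          # ports below 1024 need root or CAP_NET_BIND_SERVICE
    sock.listen(16)
    drop_privileges(username)        # later files and directories belong to `username`
    return sock
```

The listening socket stays usable after the drop because the privilege check happens at bind time, not on each accept.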

(Django) Permission denied for deleting a file owned by www-data (of which I'm a member)

I have a website built in Django, that allows a user to upload a file. This file then gets processed and a bunch of other files are created. These files are owned by the user/group www-data of which my account is a member. Someone else wrote the script that creates these files and it uses programs that I am unfortunately not familiar with. These files have rw-r--r-- permissions and I am able to delete them manually as well as through the website.
The website then calls the "collectstatic" Django command which copies these files (owned by www-data) to the static_root directory. These files I cannot delete manually, nor can I get the website to call a script to delete them. I get the "permission denied" error. Originally these files had the same permissions as the ones they were copied from (rw-r--r--) but I managed to get them to have rw-rw-rw by extending the django StaticFilesStorage object like so:
    from django.contrib.staticfiles.storage import StaticFilesStorage
    import os

    class MyStaticFilesStorage(StaticFilesStorage):
        def save(self, name, content):
            # Clear the umask so the copied files keep their group/other write bits
            os.umask(0)
            # Storage.save() returns the stored name; pass it back to the caller
            return super(MyStaticFilesStorage, self).save(name, content)
I have only just started working with Django and Python this summer so I'm really not that familiar with it. Any help would be appreciated. I don't understand how I can't delete a file that has "write" permission for a group of which I am a member.
Edit:
Where I think the problem lies: The program that creates the files creates a directory for them that has drwxrwxrwx permission. "collectstatic" copies this directory to my static_root directory and the permissions on that new directory are drwxr-xr-x.
To delete a file in a unix-like environment you need write permissions on the directory, not on the file itself.
So try to chmod 775 the directory your static files are located in and it should work.
BTW: patching StaticFilesStorage in the way mentioned above is not a good solution imho and shouldn't be required anyway.
collectstatic uses FILE_UPLOAD_PERMISSIONS and FILE_UPLOAD_DIRECTORY_PERMISSIONS (the latter being new in Django 1.7).
See https://docs.djangoproject.com/en/dev/ref/contrib/staticfiles/#django-admin-collectstatic.
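
An added example (not part of the original answer) that applies the rule above to stat results: whether a caller may delete a file depends on the parent directory's bits and sticky flag, never on the file's own mode. The function name, the St tuple and the uid/gid numbers are constructed for illustration; ACLs and capabilities are not modelled.

```python
import stat
from collections import namedtuple

# Constructed stand-in for os.stat() results; real use: os.stat(directory), os.stat(file)
St = namedtuple("St", "st_mode st_uid st_gid")


def may_unlink(dir_st, file_st, uid, gids):
    """Return (allowed, reason) for deleting a file, using POSIX mode bits only."""
    if uid == 0:
        return True, "root bypasses permission bits"
    # Pick the permission class that applies to the caller on the directory.
    if uid == dir_st.st_uid:
        shift, who = 6, "owner"
    elif dir_st.st_gid in gids:
        shift, who = 3, "group"
    else:
        shift, who = 0, "other"
    bits = (dir_st.st_mode >> shift) & 0o7
    if bits & 0o3 != 0o3:            # need write (2) and search (1) on the directory
        return False, f"directory gives {who} {bits:o}, write+search required"
    # Sticky directory: only the file's owner or the directory's owner may delete.
    if dir_st.st_mode & stat.S_ISVTX and uid not in (file_st.st_uid, dir_st.st_uid):
        return False, "sticky bit set and caller owns neither file nor directory"
    return True, f"directory gives {who} write+search"


# Constructed scenario from the question: www-data (uid/gid 33 assumed) owns
# everything, the caller is uid 1000 and a member of group 33.
WWW, ME, MY_GROUPS = 33, 1000, {1000, 33}
FILE_666 = St(stat.S_IFREG | 0o666, WWW, WWW)       # rw-rw-rw- file
DIR_755 = St(stat.S_IFDIR | 0o755, WWW, WWW)        # drwxr-xr-x after collectstatic
DIR_775 = St(stat.S_IFDIR | 0o775, WWW, WWW)        # after chmod 775
DIR_STICKY = St(stat.S_IFDIR | 0o1777, 0, 0)        # /tmp-style directory

if __name__ == "__main__":
    for name, d in (("755", DIR_755), ("775", DIR_775), ("1777", DIR_STICKY)):
        print(name, may_unlink(d, FILE_666, ME, MY_GROUPS))
```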
