I'm creating a Django app who can access to the user home directory. For this purpose I want to create a directory using something like os.mkdir('/home/user/new_directory') or a subprocess command.
Because Django is started by an apache server, python act as the apache user and can't access to my users home directories.
Currently, I know the login of my users because they have to be logged on the website. Is there a solution to perform unix commands from Django/Python in the name of the user ?
You can set the home directories via MEDIA_URL /or symlink itself.
I think of a combined aproach of symlink and os.system calls.
what-is-symlinking-and-how-can-learn-i-how-to-to-do-this
To change the apache user, use os.system(su <command>)
changing-user-in-python
Related
I have a small Flask application that runs fine locally, however when I go to run the application on my server, it runs but I am not able to get the output to save to a public_html folder.
This is the area I believe I am having the issue, when I run the application remotely:
df.to_html('/home/mydomain/public_html/data/candles.html', index = False)
If I run the application locally, this location works fine:
df.to_html('candles.html', index = False)
I have ensured that the remote folder 'data' has full access - 0777.
What am I doing wrong?
If you don't have an exception occurring, then very likely the file was saved, but not where you think it should have. If you did not provide a full path, the destination will be relative to the application directory. The solution is to be explicit and provide a full path, unless you are using some Flask functions that already have a default setting.
You should never grant 0777 permissions on public_html, that is a potential vulnerability. For example, someone could upload a shell to that directory if they can leverage a security flaw on your website.
There is not enough context, but the user running the process (Apache, Nginx or whatever) should not have write permissions here. If you must grant write permissions, create a dedicated directory (preferably outside the webroot unless they have to be exposed to the user), then add some directives to stipulate that files present in the directory cannot be executed. So that even if a webshell is uploaded it cannot run.
Hey guys i have made my django project successfully and I was ready to upload my django project to cpanel Linux shared Hosting which I bought but when I searched on Google on how to upload Django project to cpanel I found that there is a option in cpanel called Setup Python App which gives us features to upload Python Apps and this option is only shown on cpanels which have CloudLinux but I don't have CloudLinux and it is paid. My cpanel is only showing me Application Manager kind of thing under Software Option which I think could be an alternative to upload my app. Am I right, can I really do that with Application manager thing or is there any free way to upload my Django App on my bought cpanel. I bought Linux shared hosting in cpanel and bought a domain too. Please Help.
if you do have application manager on your cpanel there might be a way to run python WSGI application ( in your case the python WSGI will be your django app )
look at this article (https://www.liquidweb.com/kb/installing-python-wsgi-applications-on-cpanel/)
flowing the steps of this article you should be able to bring your django application on cpanel without the need buy CloudLinux which is TOOOOOO expensive for the only one little tiny thing you want from it
please not that since your cpanel allready have [Application manager] then you can skip the "yum install ea-ruby24-mod_passenger ea-apache24-mod_env" step as it would only be required if you don't already see Application manager on your cpanel account
to summerize the steps for you
1 : from your terminal (ssh) log in to your user account , and get into your user main directory ( or wherever you want to have your django appstored)
cd /home/username
2: create a virtual environment identical to your virtualenv on your local machine
3: put your django project file on your server ( you need to figure this out on your own )
4: create the Passenger WSGI file ( ideally on the same directory where you have your manage.py file
note that your django application should have its own wsgi.py file right next to settings.py
so instead of writing the Passenger WSGI file as described in the link ,
you would need to put only one line of code in it to import the django wsgi file
from project_name.wsgi import application
I have a django application which creates a work directory for a package. This is done with:
if not os.path.exists(dest):
os.makedirs(dest)
The creation of the folder works great, but when the django application later try to remove the very same folder, I get "Permission denied".
Apparently the permissions of the folder and files created by django is owned by root and not by apache. Why is it not owned by apache if apache created it? How can I make apache and django to create it as apache?
Maybe this help you
Permission problems when creating a dir with os.makedirs (python)
According to the official python documentation the mode argument of the os.makedirs function may be ignored on some systems, and on systems where it is not ignored the current umask valued is masked out.
Either way, you can force the mode to 0777 using the os.chmod function.
It appears that the optimal solution is to set the uid that django will use in wsgi.py. By explicitly setting the user to be 'apache' for the current python process, every file that is created belongs to the user 'apache'. I found this out after Nicos Mouzourss answer.
To set the uid:
import os, pwd
os.setuid(pwd.getpwnam('apache').pw_uid)
I developed an Intranet for a client using Django. The users sign on to their computers via Active Directory. Currently, I log them in via standard Django contrib.auth, and use Active Directory via custom login backends.
What I'd like is for users to be able to use SSO via their existing Active Directory login to be automatically logged into the Django site.
I understand that this should be done via REMOTE_USER (https://docs.djangoproject.com/en/dev/howto/auth-remote-user/), but the documentation says: "where the Web server sets the REMOTE_USER environment variable". This assumes that the Django site and the authentication server are on the same server, no?
In my case, the Django site is running on a Linux + Apache server and the Active Directory on another Windows machine (there's actually 2 different AD servers we use to log people in), so I don't know how the REMOTE_USER env variable would be set.
The users are all using Windows machines.
The magic word herefore is kerberos authentication.
Your user does not authenticate against your django application but against your webserver. Your intranet probably has a kerberos service running, that authenticates your user for you and just gives you a user name in REMOTE_USER if he is authenticated.
You can then search your LDAP for specific Access Rights or have an own database with special access rights.
Here is a short article from CentOS. It is very important what your environment looks like, so all I cann do is show you the direction ;-)
http://wiki.centos.org/HowTos/HttpKerberosAuth
When I run os.mkdir() for a certain directory. I can't create a directory. However, I can do so manually (with admin dialog coming on before the creation, this is windows 7 btw). How would I run the os.mkdir() as admin?
Python is a scripting language. In order to have administrative rights, Python process has to be ran as admin as well.
And also, you might be interested in: Request UAC elevation from within a Python script?