I'm using Django with uwsgi. The process runs as www-data user which is also the owner of all log files (both for uwsgi & Django). When I use RotatingFileHandler for logging in Django, the new log files are created with the following permissions:
-rw-r--r-- 1 www-data www-data
I've added the the currently logged-in user (ubuntu) to www-data group but still don't have write permission to the above log files. As a result, I can't run python manage.py test.
How can I tell either (i) uwsgi or (ii) logging framework or (iii) file handler to create log files with permissions 0660 so that both ubuntu & www-data can read/write to the log files.
There's a caveat though, if I run manage.py test and logrotation happens at that moment, the new log file would be owned by ubuntu user and uwsgi will complain. I don't know if it's possible to fix this with altering the current user/group permission structure.
I think what you need is to implement your own subclass as demonstrated in this SO
Related
I need to create an empty file when createEmptyFile() is triggered in UI.
But it is giving error "touch: cannot touch 'hello.txt': Permission denied"
because instead of creating file with actual user (actualuser), it is creating with apache user
This is a django app using apache server, and using 'os' module and with 'touch' command i need to create file
def createEmptyFile():
print getpass.getuser()
os.system('touch hello.txt')
I expect file to be created but it is giving "touch: cannot touch 'hello.txt': Permission denied" because of file is creating using another user(apache) instead of actual user(anotheruser)
Output:
apache
touch: cannot touch 'hello.txt': Permission denied
Thanks #dirkgroten,
With your suggestion i've created a new folder called properties and given owner as linux user and group as apache and folder permission as 777 and that worked fine any how 777 not suggested but in my case there is no need of having security of that directory:
1) mkdir properties #created directory
2) sudo chown actualuser properties #change owner to linux user (actualuser)
3) sudo chown :apache properties #change group to apache
4) sudo chmod 777 properties #change folder permission as drwxrwxrwx
below is the result:
drwxrwxrwx 2 actualuser apache 111 Jul 23 05:19 properties
I am recovering a nginx/uwsgi/flask server that had been up for about a year. It was originally setup mostly following:
https://www.digitalocean.com/community/tutorials/how-to-serve-flask-applications-with-uwsgi-and-nginx-on-ubuntu-14-04
I have it back running such that nginx is serving static files, and I can run the flask app. However, the uwsgi gateway doesn't appear to work right.
When I attempt to start he project: sudo start myproject in the digital ocean example, it just says:
myproject stop/waiting
/var/log/upstart/myproject.log says:
/tmp/logs/uwsgi.log permission denied [core/logging.c line 28]
So, I am wondering what permissions I should have on the log file? I currently have www-data.myuser 764.
The log file must be owned by the user which runs the uwsgi process. In case with Digital Ocean tutorial this is the user user.
Please, note that Digital Ocean literally declares the following in the /etc/init/myproject.conf:
setuid user
setgid www-data
If you copy-pasted the code, try changing setuid user to setuid www-data. 0644 should be enough with proper user.
I set up django using nginx and gunicorn. I am looking at the permission in my project folder and I see that the permission for the media folder is set to root (all others are set to debian):
-rw-r--r-- 1 root root 55K Dec 2 13:33 media
I am executing all app relevant commands like makemigrations, migrate, collectstatic, from debian, therefore everything else is debian.
But the media folder doesn't exist when I start my app. I will be created once I upload stuff.
But who creates it and how do I change the permissions to debain?
Coulnd't find out who exactly is it created by, however, the permissions depend on the user (root or non root).
This means if you run the commands (for example: python manage.py runserver) with sudo or under root the folder gets root permissions which can't be edited from a non root user.
I have a test django project that I have been using the django development server for. I want to start using an actual apache server to properly simulate a production environment. I am using Mac OS X.
I have been using this tutorial here, but in the first set of instructions I am getting a 403 from localhost. The browser says I do not have permission to access / on the server.
When I comment out the apache config line from the tutorial, WSGIScriptAlias / /Users/username/Projects/django_books/django_books/django.wsgi I can access localhost.
This is the contents of my django.wsgi file:
import os
import sys
os.environ['DJANGO_SETTINGS_MODULE'] = 'django_books.settings'
import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()
path = '/Users/username/Projects/django_books/django_books'
if path not in sys.path:
sys.path.append(path)
What is causing the 403 and why can't I see my django application?
EDIT
Directory structure:
django_books
apache (empty directory right now)
random_book
__init__.py
models.py
views.py
django_books
__init__.py
django.wsgi
settings.py
urls.py
views.py
wsgi.py
media
static
css
style.css
manage.py
2ND EDIT
Permissions on all the directories:
/Users/username/Projects/django_books/django_books/django.wsgi
-rw-r--r--
/Users/username/Projects/django_books/django_books
drwxr-xr-x
/Users/username/Projects/django_books/
drwxr-xr-x
/Users/username/Projects/
drwxr-xr-x
/Users/username/
drwxr-xr-x+
/Users/
drwxr-xr-x
According to my small experience I think you must add the following lines "just below the import sys line to place your project on the path" (so juste under "import sys") like it's said in the tutorial you quote. Also, erase the second "django_books" in your path because you want to link to your site not the app in your site ;-) ("mysite" in the tutorial, not mysite/mysite)
import os
import sys
path = '/Users/username/Projects/django_books'
if path not in sys.path:
sys.path.append(path)
os.environ['DJANGO_SETTINGS_MODULE'] = 'django_books.settings'
import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()
Bye
It's likely an issue related either to your Apache installation, python library, or the filesystem's permissions.
Testing Apache
You don't say it in your question, but I assume from your link you are working with Apache2 and mod_wsgi.
You can test if Apache and mod_wsgi (or your wsgi module) are working properly by placing a dummy wsgi script in the place of django.wsgi . This script (stolen from mod_wsgi's docs) doesn't rely on Django and helps make sure that Apache can read and execute the wsgi script:
# test version of django.wsgi
def application(environ, start_response):
status = '200 OK'
output = 'Hello World!'
response_headers = [('Content-type', 'text/plain'),
('Content-Length', str(len(output)))]
start_response(status, response_headers)
return [output]
And restart apache
sudo service apache2 restart
Go ahead and test the page. Did it work? Great. Undo the changes to the django.wsgi script, restart Apache and test again. If the Django site still doesn't work, we need to keep looking. If the test script didn't work, there may be a problem with your Apache installation. Check apache's error log for more information about what happened. On linux it's commonly at /var/log/apache2/error.log . mod_wsgi could be improperly installed, the script's daemon may not have appropriate permission to the wsgi file.
Correcting permission errors
Apache may not be able to read and execute the wsgi file. Running ls -l in the wsgi file's directory as indicated in other answers will tell you the user and group a file belongs to (and if that user and group can read, write, or execute a given file). It's common for a default installation to have the wsgi permissions like so:
-rw------- 1 www-data www-data 1470 Aug 29 16:00 django.wsgi
If you want to use a different user for the daemon process, you need to make sure that the apache conf file defines WSGIDaemonProccess
WSGIScriptAlias / /Users/username/Projects/django_books/django_books/django.wsgi
WSGIDaemonProcess wsgi_user processes=2 threads=15 display-name=%{GROUP}
WSGIProcessGroup wsgi_group
Testing changes to these files and restarting Apache can help narrow down what's up. Keep checking the Apache log files.
Apache Configuration
Django's tutorial on setting up mod_wsgi is good, but read through mod_wsgi's wiki as well. There are a lot of helpful things to consider in your apache conf file besides WSGIScriptAlias. Make sure there is a tag pointing to the folder with your wsgi file. If there are non-public files (like django project files) in that directory, either use the apache directory (update your apache conf file) or add a tag under the node to keep those other files private. While you're in there, you may notice other things that look wrong, like an improperly configured servername, multiple virtual hosts, or other errors.
Testing Python
If you're using virtualenv (do it), make sure that
1. The WSGIDaemonProcess variable defines the appropriate site-packages and the wsgi script's location in the variable's python-path attribute
2. The daemon has rights to read the site packages in your virtualenv.
3. Your wsgi script properly imports django and your site's settings.
Logging Apache
You can increase the level of logging reported by Apache by adding a few lines to your Apache conf file. This setup gives you very verbose logging that you may want during deployment (make sure to make a log folder):
LogLevel info
ErrorLog /Users/username/Projects/django_books/logs/apache_error.log
CustomLog /Users/username/Projects/django_books/logs/apache_access.log combined
I would suspect that the www-data (or whatever user apache is running as) doesn't have access to /Users/username/Projects/django_books/django_books.
su to that user and try and access that directory and the wsgi file within it.
To print all the relevant permissions:
ls -ld /Users /Users/username /Users/username/Projects /Users/username/Projects/django_books /Users/username/Projects/django_books/django_books /Users/username/Projects/django_books/django_books/django.wsgi
You should also check the apache error logs, they might tell you what is going wrong.
I'm running a FlaskApp using mod_wsgi and apache2 on Ubuntu server. I tried running the flask app on localhost successfully and then deployed it on ubuntu server.
But when i try to update database, its giving error:
Failed to update model. (OperationalError) attempt to write a readonly database u'UPDATE mysongs SET songurl=? WHERE songid.id = ?' (u'www.site.com/I_wanna_dance', 1)
Now i tried look for database file permission which is:
-rwxr-xr-x 1 www-data www-data 10240 Jul 14 15:35 /var/www/mywebsite/appfolder/appdata.db`
When i try changing permission to 777, 755, 644 etc. it shows another error: unable to open database file Although database file works fine with 644 permission on localhost but not on ubuntu server.
Also i checked permission of directories and for /var /var/www /var/www/mywebsite /var/www/mywebsite/appfolder etc., all have www-data:www-data as its owner username and group.
I tried googling and but no proper solution other than suggestion of changing file/dir permissions, which i have tried myself.
Why can't it read/access the database file?
Please suggest.
This issue is related to the files permissions management AND mostly to the user chosen in the Apache configuration file (*.conf) defined to holds the application processes. In a few words : the write permissions need to match this user.
Most of the time, the sqlite database file has been created by a specific user (for example your current user) and the site application is running under child processes launched by the Apache default user www-data (if the parameter user wasn't specified inside the directive WSGIDaemonProcess). In this case, the database can be read but it will throw this error if you try to modify anything :
(OperationalError) attempt to write a readonly database...
because www-data has no permission on the file (or on the parent folder)
First way : Apply permissions to the user www-data
You can set the write permissions on the database file and its parent folder.
If the folder contains other files, you can add write permission on it and only change the ownership of the database file to the user www-data, for example :
sudo chmod o+w db_directory
sudo chown www-data: db_directory/site_database.db
Or if the folder contains only the database file, you can try to change the folder owner directly :
sudo chown -R www-data: db_directory
Then check that read/write permissions are well set (with ls -l site_database.db)
More help in this post.
Other solution : Add a specific user to hold the application processes
This can be done by giving the user and group parameters in the directive WSGIDaemonProcess in Apache configuration.
It will make Apache launch the child processes under a specific user.
For example :
...
WSGIDaemonProcess main user=myuser group=myuser threads=3 python-home=/path/to/the/virtualenv/
WSGIProcessGroup main
WSGIApplicationGroup %{GLOBAL}
...
This user will manage all operation, including read/write to any files, so check that it has all needed permissions on every related files.
For security concerns, you may not use a wide-privileged user.
Some comments can help in this post.
Note : be careful if you manage your own logging files with directives like ErrorLog in the Apache configuration, these files will follow the same logic of permissions. The same for any file that could be changed by the application.
Resolved the issue. It was due to database file permission conflict.
Just give www-data permision to your project and db
sudo chown www-data:www-data ProjectPath
sudo chown www-data:www-data dbPath
Faced this issue while hosting Django Rest Framework on IIS 7.5 / Windows 2008 Server. It was working fine on local host . I added new feature to handle file upload feature along with "file name" . The files were uploaded properly but the database seemed to not accept the text from "file name" string.
Solution :
Go to your concern database. (if you have not assigned any particular database,consider the file db.sqlite3 in base folder)
Right click on the db.sqlite3 --> Properties --> Security --> Edit --> Add
In the text box enter Everyone --> Checkname --> ok
Refresh the server at IIS and try to run the application.