Changing file permissions for Apache - Django - python

I'm trying to modify file permissions in Linux so that Apache and Django have permission to read and write to the database. The path of my database file is
/var/www/tbg/database/database.sqlite3
I use these commands
chown www-data:www-data /var/www/tbg
chown www-data:www-data /var/www/tbg/database/database.sqlite3
Yet I get the same error (same error as is described here: sqlite3.OperationalError: unable to open database file).
To make sure the permissions are still not there, I can't paste content or create new folders. I can in the the subfolders of /tbg/, though, but not in /tbg/ itself.

I found the answer. I had neglected to change the file permissions of the directories inside /tbg/! With ls -l I was able to figure this out and then I typed
chmod www-data:www-data foldername
to enable apache to read and write to the directories. This must be done for every directory under your project's name (in my case /tbg/) -- and in every subdirectory under every subdirectory!

Related

How to create an empty file using apache user in django or python instead of actual user of server

I need to create an empty file when createEmptyFile() is triggered in UI.
But it is giving error "touch: cannot touch 'hello.txt': Permission denied"
because instead of creating file with actual user (actualuser), it is creating with apache user
This is a django app using apache server, and using 'os' module and with 'touch' command i need to create file
def createEmptyFile():
print getpass.getuser()
os.system('touch hello.txt')
I expect file to be created but it is giving "touch: cannot touch 'hello.txt': Permission denied" because of file is creating using another user(apache) instead of actual user(anotheruser)
Output:
apache
touch: cannot touch 'hello.txt': Permission denied
Thanks #dirkgroten,
With your suggestion i've created a new folder called properties and given owner as linux user and group as apache and folder permission as 777 and that worked fine any how 777 not suggested but in my case there is no need of having security of that directory:
1) mkdir properties #created directory
2) sudo chown actualuser properties #change owner to linux user (actualuser)
3) sudo chown :apache properties #change group to apache
4) sudo chmod 777 properties #change folder permission as drwxrwxrwx
below is the result:
drwxrwxrwx 2 actualuser apache 111 Jul 23 05:19 properties

Python Heroku allow pushed .exe to run - OSError: [Errno 13] Permission denied

I had to push an .exe file to heroku to be able to create invoice pdfs. It works localy without any problems but on heroku I get an error:
OSError: [Errno 13] Permission denied
Probably because I am not allowed to execute .exe files. So I need somehow to create a rule that this file is allowed to execute.
I pushed wkhtmltopdf.exe to heroku and I access this file in my method to create a pdf:
MYDIR = os.path.dirname(__file__)
path_wkthmltopdf = os.path.join(MYDIR + "/static/executables/", "wkhtmltopdf.exe")
config = pdfkit.configuration(wkhtmltopdf=path_wkthmltopdf)
Was not able to find a solution yet.
EDIT:
Tryed giving permission with chmod through heroku bash and also adding a linux executable but still the same error:
~/static/executables $ chmod a+x wkhtmltopdf-linux.exe
~ $ chmod a+x static/executables/wkhtmltopdf-linux.exe
Using sudo gave me:
bash: sudo: command not found
I'm not very familiar with heroku, but if you can somehow get access to terminal of environment of your application (for example ssh to your server), you need to change permissions of that file so it can be executed. To do that, you need to run in that terminal:
sudo chmod a+x /path/to/file/FILENAME
Also,i'm pretty sure your app on Heroku runs on Linux, specifically on Ubuntu, since it's the default (link)
It means there might be difficulties with running Windows executables.
Okay I managed to fix this with a buildpack. In addition wkhtmltopdf-pack must be installed and added to the requirements.txt.
Then you have to set a config var in heroku for the wkhtmltopdf executable which will be generated from the files provided in the buildpack. Do not search for an .exe file.
heroku config:set WKHTMLTOPDF_BINARY=wkhtmltopdf-pack
You can see all your config vars also in the heroku dashboard under settings, you can also create it there and not use the CLI.
Then you have to tell the pdfkit configuration where to find the WKHTMLTOPDF_BINARY:
In my config.py:
import subprocess
WKHTMLTOPDF_CMD = subprocess.Popen(
['which', os.environ.get('WKHTMLTOPDF_BINARY', 'wkhtmltopdf')], # Note we default to 'wkhtmltopdf' as the binary name
stdout=subprocess.PIPE).communicate()[0].strip()
For the pdfkit configuration:
config = pdfkit.configuration(wkhtmltopdf=app.config['WKHTMLTOPDF_CMD'])
Now you should be able to create the pdf, example:
the_pdf = pdfkit.from_string("something", False, configuration=config)
Credit to this tutorial:
https://artandlogic.com/2016/12/generating-pdfs-wkhtmltopdf-heroku/

Access denied acccessing this file or folder. Cloud9

When i am creating a file in django and trying to save it too the file App1it gives me an error… Access denied acccessing this file or folder
This link shows how my files look.
Check the ownership of the Django files and make sure that the user you are running the application as has permissions to the files. If you created it under a different user than you are running it under you will not have permissions to modify.
try running this command
sudo chown -R ec2-user:ec2-user App1/
or
sudo chown -R ec2-user:ec2-user mywebsite/

django manage.py script messed up directory permissions

I have a script that checks a json file and downloads photos to a folder.
This bit checks if the directory exists and if not, creates it:
folder = media_root + 'photos/' + now.strftime('%Y') + '/' + now.strftime('%m') + '/' + now.strftime('%d')
if not os.path.isdir(folder):
os.makedirs(folder)
everything worked like it should, but now the folder can't be written through the django admin interface, giving the error OSError: [Errno 13] Permission denied: media/photos/2014/08/31/OneOf.jpg
The only way this works is if I set the permissions to be writable by everyone.
I checked and gunicorn is running with user nobody, and this never caused a problem before.
What could have caused this issue and how do I stop it from happening in the future?
EDIT:
I tried out the suggestions bellow but running the script as nobody only returned an error:
File "./manage.py", line 8, in <module>
from django.core.management import execute_from_command_line
ImportError: No module named django.core.management
I also checked and the other folders, created by the django-admin interface, are also owned by root.
RESOLUTION:
the os.makedirs commands changed the whole directory tree to be owned by root, which is why that even with the same permissions as other folders django couldn't write to that directory.
To keep it from happening again the solution is to restore ownership to that directory tree once the new folder is created.
The problem is that you are running the script as root.
The user that you run a program with is the same user that owns any files created by that program.
Once you run a program as root, any output will also be owned by the root user, which means the user that is running the django app will not have access to those files.
You should run the manage.py script as the same user that is running your web app (nobody) so that files created are then readable by the gunicorn process - and by extension, django.
to unspool your first issue:
created some data with bad perms
$ sudo chown -R www-data:www-data /full/path/to/media
running manage.py as the webserver user
$ sudo -u www-data ./manage.py <your-management-command>
Note: If sudo is not set up, you should set it up.

OperationalError: attempt to write a readonly database in ubuntu server

I'm running a FlaskApp using mod_wsgi and apache2 on Ubuntu server. I tried running the flask app on localhost successfully and then deployed it on ubuntu server.
But when i try to update database, its giving error:
Failed to update model. (OperationalError) attempt to write a readonly database u'UPDATE mysongs SET songurl=? WHERE songid.id = ?' (u'www.site.com/I_wanna_dance', 1)
Now i tried look for database file permission which is:
-rwxr-xr-x 1 www-data www-data 10240 Jul 14 15:35 /var/www/mywebsite/appfolder/appdata.db`
When i try changing permission to 777, 755, 644 etc. it shows another error: unable to open database file Although database file works fine with 644 permission on localhost but not on ubuntu server.
Also i checked permission of directories and for /var /var/www /var/www/mywebsite /var/www/mywebsite/appfolder etc., all have www-data:www-data as its owner username and group.
I tried googling and but no proper solution other than suggestion of changing file/dir permissions, which i have tried myself.
Why can't it read/access the database file?
Please suggest.
This issue is related to the files permissions management AND mostly to the user chosen in the Apache configuration file (*.conf) defined to holds the application processes. In a few words : the write permissions need to match this user.
Most of the time, the sqlite database file has been created by a specific user (for example your current user) and the site application is running under child processes launched by the Apache default user www-data (if the parameter user wasn't specified inside the directive WSGIDaemonProcess). In this case, the database can be read but it will throw this error if you try to modify anything :
(OperationalError) attempt to write a readonly database...
because www-data has no permission on the file (or on the parent folder)
First way : Apply permissions to the user www-data
You can set the write permissions on the database file and its parent folder.
If the folder contains other files, you can add write permission on it and only change the ownership of the database file to the user www-data, for example :
sudo chmod o+w db_directory
sudo chown www-data: db_directory/site_database.db
Or if the folder contains only the database file, you can try to change the folder owner directly :
sudo chown -R www-data: db_directory
Then check that read/write permissions are well set (with ls -l site_database.db)
More help in this post.
Other solution : Add a specific user to hold the application processes
This can be done by giving the user and group parameters in the directive WSGIDaemonProcess in Apache configuration.
It will make Apache launch the child processes under a specific user.
For example :
...
WSGIDaemonProcess main user=myuser group=myuser threads=3 python-home=/path/to/the/virtualenv/
WSGIProcessGroup main
WSGIApplicationGroup %{GLOBAL}
...
This user will manage all operation, including read/write to any files, so check that it has all needed permissions on every related files.
For security concerns, you may not use a wide-privileged user.
Some comments can help in this post.
Note : be careful if you manage your own logging files with directives like ErrorLog in the Apache configuration, these files will follow the same logic of permissions. The same for any file that could be changed by the application.
Resolved the issue. It was due to database file permission conflict.
Just give www-data permision to your project and db
sudo chown www-data:www-data ProjectPath
sudo chown www-data:www-data dbPath
Faced this issue while hosting Django Rest Framework on IIS 7.5 / Windows 2008 Server. It was working fine on local host . I added new feature to handle file upload feature along with "file name" . The files were uploaded properly but the database seemed to not accept the text from "file name" string.
Solution :
Go to your concern database. (if you have not assigned any particular database,consider the file db.sqlite3 in base folder)
Right click on the db.sqlite3 --> Properties --> Security --> Edit --> Add
In the text box enter Everyone --> Checkname --> ok
Refresh the server at IIS and try to run the application.

Categories