File permissions for Django: Gunicorn, Nginx, and Static Files
|July 25, 2014||Posted by forumadmin under TechQns||
I have a standard ubuntu 14.04 machine. I use it daily under the user
mh00h. I’m interested in using this machine as a production server. How do I manage file permissions for Django and Nginx?
Nginx is currently configured to run under the
www-data:www-data. This minimizes risk of the rest of a machine being compromised. Django/gunicorn likewise should run under a user other than
mh00h. But under what user should gunicorn actually be run under?
Next: I am storing all of my web development files under
/home/mh00h/development. Owned by
/home/mh00h/development/project1 (plus all dir/files but /media and /static)? Owned by
mh00h. I follow django two-scoops best practices to create a project directory with static files inside of it. Of course, Nginx is unable to access
/home/mh00h/development/project1/project1/static now because all of those parent directories are owned by
./static is owned by
To complicate the matter, virtualenvwrapper creates my virtual environments under
I am hesitant to fraction away from two scoop’s best practices and store
/static separately in
/var/www, because I want all of these directories to stay nicely packaged together for easy transport off to some other server later. Plus, it makes me messy if I compare myself against how two-scoops did it.
- Where should my static files be stored?
- Where should django specific files be stored?
- What users/groups should be able to access which of 1 and 2?
- Where should virtualenvwrapper environments be stored?
- What permissions should these locations have?
|Asked By – mh00h||Read Answers|