问题
I'm running django on Digital Ocean with gunicorn and nginx. Gunicorn for serving the django and nginx for static files.
Upon uploading a file via website, I cant save to a folder in /home directory. I get [Errno 13] Permission denied.
Please, how do I make the web server to be able have read write access to any arbitrary folder anywhere under /home?
回答1:
This all depends on the user that your application is running as.
If you check ps aux | grep gunicorn which user the Gunicorn server is running your app as then you can change the chmod or chown permissions accordingly.
ls -lash will show you which user current only owns the folder and what permissions are on the folder you are trying to write to:
4.0K drwxrwx--- 4 username username 4.0K Dec 9 14:11 uploads
You can then use this to check for any issues.
Some docs on changing ownership and permissions
http://linux.die.net/man/1/chmod
http://linux.die.net/man/1/chown
I would advise being very careful to what locations on your disk you give access for the web server to read/write from. This can have massive security implications.
回答2:
Well, I worked on this issue for more than a week and finally was able to FIGURE IT OUT. Please follow links from digital ocean , but they did not pinpoint important issues one which includes
- no live upstreams while connecting to upstream
- *4 connect() to unix:/myproject.sock failed (13: Permission denied) while connecting to upstream
- gunicorn OSError: [Errno 1] Operation not permitted
*1 connect() to unix:/tmp/myproject.sock failed (2: No such file or directory)
etc.
These issues are basically permission issue for connection between Nginx and Gunicorn. To make things simple, I recommend to give same nginx permission to every file/project/python program you create.
To solve all the issue follow this approach: First thing is :
- Log in to the system as a root user
- Create /home/nginx directory.
- After doing this, follow as per the website until Create an Upstart Script.
- Run chown -R nginx:nginx /home/nginx
- For upstart script, do the following change in the last line : exec gunicorn --workers 3 --bind unix:myproject.sock -u nginx -g nginx wsgi DONT ADD -m permission as it messes up the socket. From the documentation of Gunicorn, when -m is default, python will figure out the best permission
- Start the upstart script
Now just go to /etc/nginx/nginx.conf file. Go to the server module and append:
location / { include proxy_params; proxy_pass http<>:<>//unix:/home/nginx/myproject.sock; } REMOVE <> Do not follow the digitalocean aricle from here on
- Now restart nginx server and you are good to go.
回答3:
Change the owner of /home
See actual owner $ ls -l /
f1 f2 f3 f4 f5 f6 f6 f8 f9 f10
- rwx r-x r-x 1 root root 209 Mar 30 17:41 /home
https://www.garron.me/en/go2linux/ls-file-permissions.html
f2 Owner permissions over the file or directory
f3 Group permissions over the file or directory
f4 Everybody else permissions over the file or directory
f6 The user that owns the file or directory
Change folder owner recursively sudo chown -R ubuntu /home/ substitute ubuntu with a non-root user.
Good practices
- Use a subdirectory
home/ubuntuas server directory,ubuntufolder haveubuntuuser as owner. - Set user-owner permissions to all. Your group and other users to read-only
sudo chmod -R 744 /home/ubuntu/
来源:https://stackoverflow.com/questions/28249115/errno-13-permission-denied-using-gunicorn