Here's my clunky, but working, solution. In the following example, I have solved two security issues I was experiencing: 1) the original sorl directory permissions—now 755—and 2) the 'upload_to' folder of the source images—also now 755.
In the following example... Apache with mod_wsgi v2.0 (daemon mode) settings.py: ------------------ MEDIA_URL = 'http://mydomain.com/media/' # Sorl thumbnail sub-directory. Creates a sub-directory relative to image source. THUMBNAIL_SUBDIR = 'thumbs' ------------------ models.py ------------------ upload_to='images' (e.g., image = models.ImageField(upload_to='images') ------------------ Here are the steps: 1. Chmod the /media directory to 777 (you'll change this back to 755 later) 2. Delete or rename the /media/images directory (if already exists) 3. Log into Admin and upload an image in your model. Django will create the /images directory and set ownership to 'nobody'. This is important, because sorl runs and creates thumbs as user 'nobody'. 4. Include the following in settings.py: THUMBNAIL_SUBDIR = 'thumbs'. This will configure Sorl to create a thumbnail directory relative to the image source. If upload_to is set to 'images' in your models.py, sorl will create '/media/images/thumbs' and store thumbnails there. 5. Visit a page on your site where thumbnails are generated. This creates the '/media/images/thumbs' directory — owned by 'nobody'. 6. Chmod /media back to 755. Done. ME --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
