which would actually result in keeping my server more secure... i would assume leaving other with rwx would be paramount to keeping my front door wide open?
I'll look into mod_wsgi... but i can't imagine that every person running mod_python and working with file uploads hasn't had to combat this little issue. is there really a safety concern? or is there another way around this? On Dec 11, 4:59 pm, Graham Dumpleton <graham.dumple...@gmail.com> wrote: > On Dec 12, 8:52 am, garagefan <monkeygar...@gmail.com> wrote: > > > this is my first time working this closely to the server for a live > > environment :) > > > "apache" appears as owner of the file once uploaded. is there a way to > > set the default on this to be another user? > > Only by using Apache/mod_wsgi (not mod_python) and specifically using > mod_wsgi daemon mode, with a distinct user defined for the daemon > process and thus your Django application to run as. > > Graham > > > On Dec 11, 4:45 pm, Graham Dumpleton <graham.dumple...@gmail.com> > > wrote: > > > > On Dec 12, 8:32 am, garagefan <monkeygar...@gmail.com> wrote: > > > > > I figured out my issue with the "access denied, suspicious operation" > > > > bull... > > > > > apparently the only way the admin side of my site can upload an image > > > > to a directory is by having "other" set to have full rwx set... ie > > > > chmod **7 I'm not so sure this is a good thing to keep set as that > > > > would give everyone, logged in or other, access to overwriting data, > > > > adding stuff, etc... right? > > > > Who owns the files once uploaded? > > > > Whoever that is should be the owner of the directory. Sounds like you > > > are running under Apache and don't understand that your code runs as > > > the Apache user. > > > > Graham --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
