I have django site running on Ubuntu with apache2 configured with mod_wsgi. The media (folder where user uploaded files go) is owned by ubuntu user (with sudo access) and the group of media folder is www-data. When new folder or files are created by apache in media folder some external Python process (e.g. subprocess.popen) is not able to write in that folder as that particular folder is owned by www-data. What is the solution of this problem?
What I have done so far (django is the system user):
sudo chown django:django -R mysite/media/
sudo chgrp -R www-data mysite/media/
sudo chmod -R g+w mysite/media/
ls -la result of media folder (media folder contains some other folders named with integers):
drwxr-sr-x 2 www-data www-data 4096 Jun 8 02:20 11
drwxrwsr-x 6 django www-data 4096 Jun 7 18:15 10
drwxrwsr-x 5 django www-data 4096 Jun 7 18:13 9
drwxrwsr-x 5 django www-data 4096 Jun 7 18:11 8
As you can see the newly created folder 11 is owned by www-data not by django user.
What else i have tried:
- i have tried to add user
djangotowww-datagroup but nothing helps
Please help!
Update
Unfortunately Daniel solution also does not work for me (still getting IOError: [Errno 13] Permission denied). Here are result of command getfacl mysite/site_media/:
Before
# file: mysite/site_media/
# owner: django
# group: www-data
user::rwx
group::rwx
other::r-x
After (sudo setfacl -d -R -m g:www-data:rwx mysite/site_media/)
# file: mysite/site_media/
# owner: django
# group: www-data
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:www-data:rwx
default:mask::rwx
default:other::r-x
Best Answer
You can use file access control lists, in this case
setfaclto set default file permission to allow write operation for the group. If you have added django to the www-data group, then with the following command, the django user will have write permission on any files owned by www-data user.Note: you will need to install the
aclpackage usingapt-get install aclif it is not installed. Make sure also ACL is enabled for your partition - this link might help.