[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GMG-Devel] Fwd: Re: Media directory permissions

From: Jim Campbell
Subject: Re: [GMG-Devel] Fwd: Re: Media directory permissions
Date: Wed, 20 May 2015 13:58:58 -0500

Thanks, Chris.

On Wed, May 20, 2015, at 01:47 PM, Christopher Allan Webber wrote:
> Jim Campbell writes:
> > Thanks for confirming, Sebastian.
> >
> > On Tue, May 19, 2015, at 02:34 AM, Sebastian Hugentobler wrote:
> >> 
> >> > I talked about it with Chris today, and we decided to go with the first
> >> > option. I've updated the docs to create the mediagoblin system / user
> >> > account with 'mediagoblin:www-data' / 'mediagoblin:nginx' permissions.
> >> >
> >> > It almost works. I think I've discovered that the user_dev directory
> >> > does not give any permissions to group/other by default. It only gives
> >> > permissions to the owner, and I think that is blocking the web server
> >> > from accessing the media:
> >> >
> >> > drwx------.  4 mediagoblin nginx        4096 May 19 03:01 user_dev
> >> >
> >> > I understand that user_dev/crypto is important to keep private (so that
> >> > would be appropriate to be set as 700), but the above default permission
> >> > prevents access to user_dev/media (which is where all of the beautiful
> >> > pictures get stored).  Somehow that permission is getting set by default
> >> > in that manner during installation. I think that resolving that will fix
> >> > media issues.
> >> It definitely does, I am running my instance with these permissions
> >> (sorry for not coming forward earlier, I overlooked this thread).
> >> I will take a look at my ansible role to see if there's more I forgot to
> >> report.
> >
> > I would probably recommend permissions of 750 on the user_dev directory.
> >  Chris, is this something that you could look at in the code?
> >
> > Jim
> I'm a-ok with 750 for user_dev for now, yep.
>  - Chris
> PS: Note that in the glorious future, users will never use a directory
> named "user_dev"... the directory was called that because in-project
> virtualenv/data type installs were only meant to be for development, and
> the naming of such was to make it clear, but since we've never gotten
> real distro packaging yet this is the present reality, sadly!

Is it possible for you to update the default permissions for that
directory via a code update? How do those directories and their
permissions get created in the first place?  I looked through the code
last night to try and figure that out, and it seemed as though the
user_dev directory gets set up via the file or . . . a
different file that ends in .py that I can't recall right now (Yes, I
realize the latter file suggestion is completely unhelpful. I'm just not
in front of my home PC right now).  : )

I would prefer a code / install-based solution over a
documentation-based solution, though, because if a user changes the
value for where their media will be stored in paste_local.ini, the
user_dev directory might not be in the same location as someone who
doesn't change that value in paste_local.ini.

Thanks, everyone! I feel like we're close on this!


reply via email to

[Prev in Thread] Current Thread [Next in Thread]