I am running in production on Ubuntu 10 with Passenger and Apache2. I
just had to set my system/dragonfly folder to 777 in order to allow
uploads to work, and that doesn’t seem like a good idea or even
necessary. What’'s the trick to get this to work correctly (as in not
world-writable folders inside the Web root)?
Thanks in advance,
Walter
On Oct 11, 2011, at 9:42 AM, Walter Lee D. wrote:
I am running in production on Ubuntu 10 with Passenger and Apache2. I just had
to set my system/dragonfly folder to 777 in order to allow uploads to work, and
that doesn’t seem like a good idea or even necessary. What’'s the trick to get
this to work correctly (as in not world-writable folders inside the Web root)?
generally a passenger/rails application will run as the same user who
owns RAILS_ROOT/config/environment.rb or in the case of a Rack based
application, RAILS_ROOT/config.ru but that can be overridden in the
apache config (passenger_user). As long as this ‘user’ has write
permissions, that should be sufficient and should in all likelihood be
the same user writing to RAILS_ROOT/log/[development|production].log
Craig
On Oct 11, 2011, at 12:54 PM, Craig W. wrote:
On Oct 11, 2011, at 9:42 AM, Walter Lee D. wrote:
I am running in production on Ubuntu 10 with Passenger and Apache2. I just had
to set my system/dragonfly folder to 777 in order to allow uploads to work, and
that doesn’t seem like a good idea or even necessary. What’'s the trick to get
this to work correctly (as in not world-writable folders inside the Web root)?
generally a passenger/rails application will run as the same user who owns
RAILS_ROOT/config/environment.rb or in the case of a Rack based application,
RAILS_ROOT/config.ru but that can be overridden in the apache config
(passenger_user). As long as this ‘user’ has write permissions, that should be
sufficient and should in all likelihood be the same user writing to
RAILS_ROOT/log/[development|production].log
Craig
My logs are being written to by root, but dragonfly is using the
nobody/nogroup user on this machine. What I did (reminder to self for
next time) was to momentarily set public/system to 777, delete dragonfly
from there, and upload one photo (which created all the folders and
subfolders with the correct ownership and permissions). Then I set
public/system back to 755 and it seems to continue working correctly.
Walter
On Oct 11, 2011, at 10:12 AM, Walter Lee D. wrote:
Craig
My logs are being written to by root, but dragonfly is using the nobody/nogroup
user on this machine. What I did (reminder to self for next time) was to
momentarily set public/system to 777, delete dragonfly from there, and upload one
photo (which created all the folders and subfolders with the correct ownership and
permissions). Then I set public/system back to 755 and it seems to continue
working correctly.
OK - so obviously user ‘root’ owns RAILS_ROOT/config/environment.rb, you
don’t have a passenger_user setting in your apache configuration so
Apache/passenger drops privileges and runs the web package as user
nobody:nogroup
If you want to fix the permissions on public/system/dragonfly, then you
should either:
- change the ownership of RAILS_ROOT/config/environment.rb
or
- set the passenger_user in your apache configuration
and that user would have to be given write permissions not only on
RAILS_ROOT/public/system/dragonfly (recursively) but also RAILS_ROOT/log
folder (recursively) and also RAILS_ROOT/public/system (recursively)
Craig