fcgi and socket file permissions
Following the change in [7800], the default permissions on the socket that is created if you are using runserver
in fastcgi and socket-file mode are much more restrictive than they were. This is a Good Thing.
However, as noted in #7615, this might catch people out if they aren't thinking about permissions and using this mode of operation. So we need a documentation patch somewhere to explain that either the webserver and Django should be run as the same user, or (probably better), as the same group with a slightly relaxed umask setting (002, maybe?). This only applies to the socket case for fastcgi, so it will require writing something that is clear without overwhelming any other useful information (it's a bit of an edge-case and a sysadmin will already know it, but not everybody is a sysadmin, sadly).
Change History
(9)
Triage Stage: |
Unreviewed → Accepted
|
Keywords: |
deployment added
|
Has patch: |
set
|
milestone: |
→ 1.3
|
Owner: |
changed from nobody to Gabriel Hurley
|
Status: |
new → assigned
|
Triage Stage: |
Accepted → Ready for checkin
|
Resolution: |
→ fixed
|
Status: |
assigned → closed
|
Easy pickings: |
unset
|
Severity: |
→ Normal
|
Type: |
→ Uncategorized
|
UI/UX: |
unset
|
Yes! Please! I had no idea why my setup wasn't working.
And still, I don't know how to run the fastcgi server as the same group.
sudo -u www-data
will change it to the same user (and group), but how do you change only the group? Thanks. :)