fcgi and socket file permissions
|Reported by:||Malcolm Tredinnick||Owned by:||Gabriel Hurley|
|Cc:||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Following the change in , the default permissions on the socket that is created if you are using
runserver in fastcgi and socket-file mode are much more restrictive than they were. This is a Good Thing.
However, as noted in #7615, this might catch people out if they aren't thinking about permissions and using this mode of operation. So we need a documentation patch somewhere to explain that either the webserver and Django should be run as the same user, or (probably better), as the same group with a slightly relaxed umask setting (002, maybe?). This only applies to the socket case for fastcgi, so it will require writing something that is clear without overwhelming any other useful information (it's a bit of an edge-case and a sysadmin will already know it, but not everybody is a sysadmin, sadly).
Change History (9)
comment:4 Changed 6 years ago by
|Owner:||changed from nobody to Gabriel Hurley|
|Status:||new → assigned|
|Triage Stage:||Accepted → Ready for checkin|