3

I'm trying to allow users of my django site to upload a file (mostly PDFs) to my server through a FileField on a model. However, I keep running into 'Errno 13 Permission Denied' when trying to use the upload field generated by my modelform.

I have found many potential solutions while searching around, but haven't been able to get anything to work properly so far. This is my first real deployment and I have probably confused myself. For reference, I am on Ubuntu 14.04, Django 1.6, & gunicorn+nginx.

Right now, my media root lies within my project directory at:

BASE_DIR = os.path.dirname(os.path.dirname(__file__))
MEDIA_ROOT = os.path.join(BASE_DIR, "media/uploads")

The error indicates an issue with the proper directory, so it's going to the right spot.

I have tried to chown -r the media directory to www-data:www-data with no success. I poked around, figured out what user was running the python process and tried to set 'him' as the owner - didn't work. I flipped it back to its original owner and group (root:root) and tried to chmod -r to 755 and 770, both of which also failed to resolve the issue.

If I chmod -r to 777, then everything "works" - but that's not something I want to keep exposed for obvious reasons.

My static files are collecting and being served properly from a directory outside of my project root (/var/www/mysite/static), so I tried moving the media folder over there and repeating all of the above steps - same result.

How can I get my media folder to securely accept uploads and downloads from my users without leaving this security hole wide open?

Thank you!

souldeux
  • 3,615
  • 3
  • 23
  • 35

2 Answers2

6

First of all, media files folder has to be in you project's path, otherwise you'll be getting SuspiciousOpertion exception from Django, so don't put it in /var/www.

Also, the fact that you are using nginx, is not that relevant, important part is which user is nginx/django project is running under, whichever user it is (normally www-data, at least with apache+mod_wsgi), that user should be the owner of the media folder.

Once you change the owner to the right user (I assume www-data): sudo chown -R www-data:www-data .../media, make sure permissions are correct: sudo chmod -R u+rwX .../media.

Hope it helped. Let me know if it didn't. :)

Eje
  • 354
  • 4
  • 8
lehins
  • 9,642
  • 2
  • 35
  • 49
  • Any parent directories back up to root of the file system also need to be at least searchable by the same user that code runs as. If a parent directory of the upload directory were not searchable, then it still would be able to see the uploads folder. Also check whether SELinux extensions may be causing issues. – Graham Dumpleton Aug 29 '14 at 20:38
  • I feel like the weight of the world is off of my shoulders. THANK YOU! – souldeux Aug 31 '14 at 19:03
  • What should I set the media folder owner to? I am using gunicorn and nginx. – zubhav Nov 29 '16 at 22:14
  • I'm many months late, but you should set the owner of the media folder to match the user running your django processes. – souldeux Mar 24 '17 at 13:51
2

Try upping the max_body_size in your nginx conf file:

server {
    ...

    client_max_body_size 250M;

    ...
}

By default it's set to 1M which is possibly too small depending on what you're uploading.

Eje
  • 354
  • 4
  • 8
Stuart Leigh
  • 826
  • 4
  • 6