I am running in production on Ubuntu 10 with Passenger and Apache2. I just had to set my system/dragonfly folder to 777 in order to allow uploads to work, and that doesn''t seem like a good idea or even necessary. What''''s the trick to get this to work correctly (as in not world-writable folders inside the Web root)? Thanks in advance, Walter -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On Oct 11, 2011, at 9:42 AM, Walter Lee Davis wrote:> I am running in production on Ubuntu 10 with Passenger and Apache2. I just had to set my system/dragonfly folder to 777 in order to allow uploads to work, and that doesn''t seem like a good idea or even necessary. What''''s the trick to get this to work correctly (as in not world-writable folders inside the Web root)?---- generally a passenger/rails application will run as the same user who owns RAILS_ROOT/config/environment.rb or in the case of a Rack based application, RAILS_ROOT/config.ru but that can be overridden in the apache config (passenger_user). As long as this ''user'' has write permissions, that should be sufficient and should in all likelihood be the same user writing to RAILS_ROOT/log/[development|production].log Craig -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On Oct 11, 2011, at 12:54 PM, Craig White wrote:> > On Oct 11, 2011, at 9:42 AM, Walter Lee Davis wrote: > >> I am running in production on Ubuntu 10 with Passenger and Apache2. I just had to set my system/dragonfly folder to 777 in order to allow uploads to work, and that doesn''t seem like a good idea or even necessary. What''''s the trick to get this to work correctly (as in not world-writable folders inside the Web root)? > ---- > generally a passenger/rails application will run as the same user who owns RAILS_ROOT/config/environment.rb or in the case of a Rack based application, RAILS_ROOT/config.ru but that can be overridden in the apache config (passenger_user). As long as this ''user'' has write permissions, that should be sufficient and should in all likelihood be the same user writing to RAILS_ROOT/log/[development|production].log > > CraigMy logs are being written to by root, but dragonfly is using the nobody/nogroup user on this machine. What I did (reminder to self for next time) was to momentarily set public/system to 777, delete dragonfly from there, and upload one photo (which created all the folders and subfolders with the correct ownership and permissions). Then I set public/system back to 755 and it seems to continue working correctly. Walter -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On Oct 11, 2011, at 10:12 AM, Walter Lee Davis wrote:> > On Oct 11, 2011, at 12:54 PM, Craig White wrote: > >> >> On Oct 11, 2011, at 9:42 AM, Walter Lee Davis wrote: >> >>> I am running in production on Ubuntu 10 with Passenger and Apache2. I just had to set my system/dragonfly folder to 777 in order to allow uploads to work, and that doesn''t seem like a good idea or even necessary. What''''s the trick to get this to work correctly (as in not world-writable folders inside the Web root)? >> ---- >> generally a passenger/rails application will run as the same user who owns RAILS_ROOT/config/environment.rb or in the case of a Rack based application, RAILS_ROOT/config.ru but that can be overridden in the apache config (passenger_user). As long as this ''user'' has write permissions, that should be sufficient and should in all likelihood be the same user writing to RAILS_ROOT/log/[development|production].log >> >> Craig > > My logs are being written to by root, but dragonfly is using the nobody/nogroup user on this machine. What I did (reminder to self for next time) was to momentarily set public/system to 777, delete dragonfly from there, and upload one photo (which created all the folders and subfolders with the correct ownership and permissions). Then I set public/system back to 755 and it seems to continue working correctly.---- OK - so obviously user ''root'' owns RAILS_ROOT/config/environment.rb, you don''t have a passenger_user setting in your apache configuration so Apache/passenger drops privileges and runs the web package as user nobody:nogroup If you want to fix the permissions on public/system/dragonfly, then you should either: - change the ownership of RAILS_ROOT/config/environment.rb or - set the passenger_user in your apache configuration and that user would have to be given write permissions not only on RAILS_ROOT/public/system/dragonfly (recursively) but also RAILS_ROOT/log folder (recursively) and also RAILS_ROOT/public/system (recursively) Craig -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.