I've been using chown www-data:www-data -R /path/to/my/django-app/ and simply letting my virtualenv's dirs / files be owned by root (since sudo pip install foo implies that by default). This just doesn't feel right though.

Is this pretty typical, or should www-data only own directories that it can upload files to? If I allow root to own everything, my server won't even be able to write .pyc files, or will it?

I'm clearly quite new to Unix permissions. What is the secure, proper way to handle this?
1 Solution
#1
1
The proper way is to compile to bytecode on install so that .pyc files never need to be created on the fly. The rest is basic stuff, like "never use 0777/0666".
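One way to apply the answer at deploy time, as an added example (not code from the original post): byte-compile the tree with the standard compileall module, then list anything the web server account could modify. The uid 33 for www-data, the media directory name and the constructed sample tree are assumptions.

```python
import compileall
import os
import stat
import tempfile


def precompile(root):
    """Byte-compile every .py under root at install time, as the deploying user."""
    return bool(compileall.compile_dir(root, quiet=1, force=True))


def audit(root, service_uid, writable_dirs=()):
    """Return sorted (path, problem) pairs for entries the service account could modify."""
    allowed = [os.path.join(root, d) for d in writable_dirs]
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # skip symlinks; their own mode bits are not meaningful
            if st.st_mode & stat.S_IWOTH:
                findings.append((path, "world-writable"))
            in_allowed = any(path == a or path.startswith(a + os.sep) for a in allowed)
            if st.st_uid == service_uid and not in_allowed:
                findings.append((path, "owned by service account"))
    return sorted(findings)


def demo():
    """Build a constructed app tree with one 0666 file and precompile it."""
    old_umask = os.umask(0o022)  # fixed umask so the sample modes are predictable
    try:
        root = tempfile.mkdtemp(prefix="django-app-")
        os.makedirs(os.path.join(root, "media"))  # assumed upload directory
        for name, body in (("views.py", "VALUE = 1\n"), ("settings.py", "DEBUG = False\n")):
            with open(os.path.join(root, name), "w") as f:
                f.write(body)
        os.chmod(os.path.join(root, "settings.py"), 0o666)  # the mode the answer warns about
        return root, precompile(root)
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    root, ok = demo()
    print("compiled:", ok)
    for finding in audit(root, service_uid=33, writable_dirs=["media"]):  # 33: assumed www-data uid
        print(finding)
```

Because the .pyc files already exist after precompile, the service account needs no write access to the code tree; only the directories passed as writable_dirs are expected to be owned by it.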