> That might work for a public folder in a user's home directory, but I
> was looking for a mechanism that doesn't involve gutting all security
> or relying on users to correctly set permissions our groups.
As Tom said, it is difficult. And making things world-r/w isn't as dodgy
as it sounds if the circumstances are appropriate. Depending on your
use-case you might be able to quite satisfactorily secure such files via
requiring a valid user to gain access.
I don't know nginx at all but with Apache you can easily control all
such security within the conf files without needing .htaccess files in
the user directories.
This approach is used frequently on sites where people require ftp
access to tweak files owned and served by the webserver. It is just
reversing the perspective to give nginx access to files it doesn't own.
Mike
I could
> tolerate adding a key to a user .ssh/authorized_keys file that gives
> www-data user command="sftp-internal" access if django-storages sftp
> backend allows multiple accounts (or even as root if properly root
> jailed to /home). Just feel I'm going the long way around the barn
> and am missing an obvious way to for web-based file management for
> user's files...
>
> On Jan 19, 2012, at 12:56 AM, Mike Dewhirst wrote:
>
>> On 19/01/2012 2:10pm, Brian Schott wrote:
>>> Looking for some expert advice. I need to provide an upload and
>>> file browse capability for a user's home directory. It doesn't
>>> have to be a full blown file explorer necessarily, just a basic
>>> upload, download, rename, delete. What's the best way to deal
>>> with the userid issues on Linux? The files live in a user's
>>> home directory, so the files are owned by the user, not www-data,
>>> and it's probably not an option to set the default group to
>>> www-data. Users can remote desktop and/or ssh to their account,
>>> so no predicting what user/group creation will happen behind the
>>> scenes.
>>
>> If the user makes the particular files world-readable/writable it
>> doesn't matter what the uid/gid happens to be. Everything should
>> just work for nginx.
>>
>>
>>>
>>> I've thought about different options, but they all have
>>> tradeoffs: 1. dav enabled nginx process for each user with a
>>> javascript dav file explorer? 2. django-storages with sftp? 3.
>>> something else?
>>>
>>> Brian
>>>
>>> Brian Schott bfschott@gmail.com
>>>
>>>
>>>
>>
>> -- You received this message because you are subscribed to the
>> Google Groups "Django users" group. To post to this group, send
>> email to django-users@googlegroups.com. To unsubscribe from this
>> group, send email to django-users+unsubscribe@googlegroups.com. For
>> more options, visit this group at
>> http://groups.google.com/group/django-users?hl=en.
>>
>
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
0 comments:
Post a Comment