On Oct 11, 2011, at 10:12 AM, Walter Lee Davis wrote: > > On Oct 11, 2011, at 12:54 PM, Craig White wrote: > >> >> On Oct 11, 2011, at 9:42 AM, Walter Lee Davis wrote: >> >>> I am running in production on Ubuntu 10 with Passenger and Apache2. I just >>> had to set my system/dragonfly folder to 777 in order to allow uploads to >>> work, and that doesn't seem like a good idea or even necessary. What''s the >>> trick to get this to work correctly (as in not world-writable folders >>> inside the Web root)? >> ---- >> generally a passenger/rails application will run as the same user who owns >> RAILS_ROOT/config/environment.rb or in the case of a Rack based application, >> RAILS_ROOT/config.ru but that can be overridden in the apache config >> (passenger_user). As long as this 'user' has write permissions, that should >> be sufficient and should in all likelihood be the same user writing to >> RAILS_ROOT/log/[development|production].log >> >> Craig > > My logs are being written to by root, but dragonfly is using the > nobody/nogroup user on this machine. What I did (reminder to self for next > time) was to momentarily set public/system to 777, delete dragonfly from > there, and upload one photo (which created all the folders and subfolders > with the correct ownership and permissions). Then I set public/system back to > 755 and it seems to continue working correctly. ---- OK - so obviously user 'root' owns RAILS_ROOT/config/environment.rb, you don't have a passenger_user setting in your apache configuration so Apache/passenger drops privileges and runs the web package as user nobody:nogroup
If you want to fix the permissions on public/system/dragonfly, then you should either: - change the ownership of RAILS_ROOT/config/environment.rb or - set the passenger_user in your apache configuration and that user would have to be given write permissions not only on RAILS_ROOT/public/system/dragonfly (recursively) but also RAILS_ROOT/log folder (recursively) and also RAILS_ROOT/public/system (recursively) Craig -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
