Lol, please bear with me... I still have a question about what read/write privileges the www-data user and group should have. I changed them along the way as I was trying to get things to work, and I suspect I've given too strong permissions. The permissions as they stand now for the web2py folder are (as reported by ls -l):
drwxrwsr-x 11 www-data www-data 4096 Feb 17 21:07 web2py

Are these permissions OK?

Thanks!
Tobias

On 17 February 2014 22:06, Janos Tobias Locsei <[email protected]> wrote:

> Update: actually I do have a user called www-data, and things are working
> as expected now.
>
> What tripped me up was that using "sudo -u www-data <command>" gave an
> error "No such file or directory", and it turned out it was because I had
> an alias for sudo. So, using "/usr/bin/sudo -u www-data <command>" works as
> expected. I'm posting this here in case another Linux newbie gets tripped
> up by the same thing in the future.
>
> Tobias
>
> ---
>
> For completeness, my script for restarting the server is now:
>
> # Check if user has root privileges
> if [[ $EUID -ne 0 ]]; then
>     echo "You must run the script as root or using sudo"
>     exit 1
> fi
>
> # Set ownership of web2py directory recursively (-R)
> cd /home/www-data
> chown -R www-data:www-data web2py
>
> # Set the password for the administrative interface
> cd /home/www-data/web2py
> /usr/bin/sudo -u www-data python -c "from gluon.main import save_password; save_password(raw_input('admin password: '),443)"
>
> # Stop server if it was already running
> stop uwsgi-emperor
> /etc/init.d/nginx stop
>
> # Start the server
> start uwsgi-emperor
> /etc/init.d/nginx restart
>
> On 17 February 2014 21:37, Janos Tobias Locsei <[email protected]> wrote:
>
>> Thanks Anthony, that's the problem - I hadn't opened port 443 in my
>> iptables. I knew it would be something silly. It works now.
>>
>> I also had to change a couple of other things to make it work. Would
>> either of the below compromise the security of my setup?
>>
>> 1. I removed the "-u www-data" option in the line of the script that sets
>> the admin password, because I don't have a user called www-data. So, my
>> script says something like:
>> sudo python -c "from gluon.main import save_password; save_password(raw_input('admin password: '),443)"
>> Should I create a user called www-data, and if so what privileges should
>> I give them? Sorry if this is a naive question.
>>
>> 2. I had to add sudo for the following commands in the script, otherwise
>> they wouldn't run
>> sudo start uwsgi-emperor
>> sudo /etc/init.d/nginx restart
>> I'm guessing that once again this is because I don't have a user called
>> www-data, and I haven't updated the uid and gid lines of the uwsgi config
>> file to reflect the user that I'm running as.
>>
>> Tobias
>>
>> P.S. For completeness, here's the whole script I'm using to launch the
>> server now:
>>
>> # Set the password for the administrative interface
>> cd /home/www-data/web2py
>> sudo python -c "from gluon.main import save_password; save_password(raw_input('admin password: '),443)"
>> # Stop server if it was already running
>> sudo stop uwsgi-emperor
>> sudo /etc/init.d/nginx stop
>> # Start the server
>> sudo start uwsgi-emperor
>> sudo /etc/init.d/nginx restart
>>
>> On 17 February 2014 20:09, Anthony <[email protected]> wrote:
>>
>>> Why are you port forwarding? Is SSL still on port 443?
>>>
>>> Anthony
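
For reference, the mode string from the ls -l output in the message above can be decoded into octal and into the individual bits that are set. This is an added example, not part of the original thread; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: decode an `ls -l` mode string into octal and list the
# permission bits a reviewer would look at. Function names are hypothetical.

# triad_value "rwx" -> 0..7 (s/t mean execute set; S/T mean execute clear)
triad_value() {
    v=0
    case "$1" in r??) v=$((v + 4)) ;; esac
    case "$1" in ?w?) v=$((v + 2)) ;; esac
    case "$1" in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# mode_to_octal "drwxrwsr-x" -> 2775; returns 1 on a malformed string
mode_to_octal() {
    m=$1
    case "$m" in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]*) ;;
        *) echo "invalid mode string: $m" >&2; return 1 ;;
    esac
    u=$(printf '%s' "$m" | cut -c2-4)     # owner triad
    g=$(printf '%s' "$m" | cut -c5-7)     # group triad
    o=$(printf '%s' "$m" | cut -c8-10)    # other triad
    special=0
    case "$u" in ??[sS]) special=$((special + 4)) ;; esac   # setuid
    case "$g" in ??[sS]) special=$((special + 2)) ;; esac   # setgid
    case "$o" in ??[tT]) special=$((special + 1)) ;; esac   # sticky
    echo "${special}$(triad_value "$u")$(triad_value "$g")$(triad_value "$o")"
}

# review_mode "drwxrwsr-x" -> space-separated names of the bits that are set
review_mode() {
    oct=$(mode_to_octal "$1") || return 1
    s=$(printf '%s' "$oct" | cut -c1)
    g=$(printf '%s' "$oct" | cut -c3)
    o=$(printf '%s' "$oct" | cut -c4)
    found=""
    if [ $(($s & 4)) -ne 0 ]; then found="$found setuid"; fi
    if [ $(($s & 2)) -ne 0 ]; then found="$found setgid"; fi
    if [ $(($s & 1)) -ne 0 ]; then found="$found sticky"; fi
    if [ $(($g & 2)) -ne 0 ]; then found="$found group-writable"; fi
    if [ $(($o & 4)) -ne 0 ]; then found="$found world-readable"; fi
    if [ $(($o & 2)) -ne 0 ]; then found="$found world-writable"; fi
    echo "${found# }"
}

# The mode string reported for the web2py folder in the message above
echo "drwxrwsr-x = $(mode_to_octal drwxrwsr-x): $(review_mode drwxrwsr-x)"
```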

