Django Permissions on Droplet - Continued

I’ve been researching permissions for Django directories and files on my Droplet. I’ve asked a few questions on DO Community regarding this and have had excellent advice. However, I am continuing this question because I’m finding out a few things:

In checking the Droplet, I have ownership of files set to a specific user for which I elevate privileges to perform certain ops. I set this up according to the following link:

Therefore, I do not have ownership of files set to root. Ownership of files is set to that particular user.

In checking the following reply to a question on the following link, it states:

“All files and directories in our production environment are owned by root:root with 755/644 file permissions, unless otherwise required.”

But it also states “Our nginx process runs as www-data. In general each Django project has its own user, and the gunicorn process runs as this user.”

So, my Django project is owned by my specified user, not the root. Therefore, all the directories and files are owned by this user. My main question is: Should they all be owned by root instead?

I have this set up on my Dev Server at my office with a specified user, not root. It works, but when I changed permissions to 755 for Directories and 644 for Files for my Django project and apps, the virtual environment directory and files were changed as well. I was subsequently not able to execute the pip command from within PyCharm IDE. I had to raise permissions on pip in order to do so. Question: Should I leave the virtual environment permissions “as is,” especially the files in the bin directory?

Any help would be greatly appreciated. Basically, I want to ensure I have a secure environment in Production without having issues with running my apps.
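
The pip failure described in the question is what happens when 644 is applied to every file, because that strips the execute bit from the launchers in the virtual environment's bin directory. As an added example (not part of the original post), the script below contrasts that blanket pass with one that prunes the virtual environment from the 755/644 pass; the `venv` directory name and the sample tree are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The "venv" directory name and
# the sample tree below are assumptions, constructed for illustration.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Build a constructed Django-like tree with restrictive starting modes.
make_sample_tree() {
    mkdir -p "$1/app" "$1/venv/bin" "$1/venv/lib"
    printf 'SECRET_KEY = "constructed"\n' > "$1/app/settings.py"
    printf '#!/bin/sh\necho pip\n' > "$1/venv/bin/pip"
    printf 'x = 1\n' > "$1/venv/lib/module.py"
    chmod 600 "$1/app/settings.py" "$1/venv/lib/module.py"
    chmod 700 "$1/venv/bin/pip"
}

# The failure mode from the post: 755 on every directory and 644 on every
# file, including the virtual environment's launchers.
blanket_chmod() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Scoped version: 755/644 for project code, with the venv pruned from that
# pass. Inside the venv, capital X adds execute only to directories and to
# files that already have an execute bit, so bin/pip ends at 755 while
# library files end at 644.
harden_tree() {
    ht_venv="$1/${2:-venv}"
    find "$1" -path "$ht_venv" -prune -o -type d -exec chmod 755 {} +
    find "$1" -path "$ht_venv" -prune -o -type f -exec chmod 644 {} +
    if [ -d "$ht_venv" ]; then
        chmod -R u=rwX,go=rX "$ht_venv"
    fi
}

# Demo: run each pass on a fresh temporary copy of the sample tree.
for pass in blanket_chmod harden_tree; do
    demo_dir=$(mktemp -d)
    make_sample_tree "$demo_dir"
    "$pass" "$demo_dir"
    echo "$pass: venv/bin/pip=$(mode_of "$demo_dir/venv/bin/pip") app/settings.py=$(mode_of "$demo_dir/app/settings.py")"
    rm -rf "$demo_dir"
done
```

Once a blanket pass has already removed the execute bits, capital X cannot bring them back; the launchers in `venv/bin` then need `chmod 755` again or the virtual environment needs to be recreated.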
