I'm just starting to deploy my first online Django website, and I am wondering how to set Ubuntu file permissions in a way that is optimal for security, while at the same time providing the required permissions.
Firstly, the question about directories: I currently store the site in ~/www/mysite.com/{Django apps}, but I have often seen people using /var/www/... or /srv/www. Is there any reason to choose one of these directories over the other? Or any reason why storing a site in my home directory is a bad idea?
Secondly, the permissions of the directory itself and files. I use Apache with mod_wsgi and have a line WSGIScriptAlias / ~/www/mysite.com/mainapp/wsgi.py. Apache runs as the user www-data. For optimal protection, who should have the file wsgi.py, and what permissions should I give it and its containing directory?
Similarly, for the directories www, www/mysite.com and www/mysite.com/someapp? What are the minimum permissions required for directories and files?
I am currently using 755 and 644 for dirs and files respectively, which works well enough to allow the site to function, but I wonder if it is optimal / too liberal. My Ubuntu user owns most of the files, and www-data owns the sqlite dbs.