Errno 13 Permission denied: media folder with localhost

Question

I get a message

[Errno 13] Permission denied: u'/home/.../...jpg' when I try to upload a file in django. But the problem appears only when I try it with localhost/. When I and running or debugging it with localhost:8000 I get no problems.

I make the folders with a function when I run a script to set my database.

My code:

def handle_uploaded_file(request,f):
    user=Users.objects.get(id_u=request.user.id)
    url=settings.MEDIA_URL+'images/'+user.mail+'/gallery/'+f.name
    fullurl=settings.MEDIA_ROOT+'images/'+user.mail+'/gallery/'+f.name
    #comprobar si existe el archivo
    if not os.path.exists(fullurl): 
        destination = open(fullurl, 'wb+') 
    ...
        destination.close()

Permissions in folder media. I want to upload the files into the 'images' folder. Here I see others have no permissions to write, but the up folder have 777. So, why does my script change the permissions when it make the subfolders?

4 drwxrwxrwx  3 bernardo www-data 4096 ago  3 09:42 .
4 drwxrwxr-x 11 bernardo www-data 4096 jul 31 12:36 ..
4 drwxrwxr-x  5 bernardo bernardo 4096 ago  3 09:42 images

My http.config

ServerName localhost

WSGIPythonPath /home/bernardo/workspace/mbosoziales

Alias /media/ /home/bernardo/workspace/mbosoziales/media/
Alias /static/ /home/bernardo/workspace/mbosoziales/static/

<Directory /home/bernardo/workspace/mbosoziales/static>  
Order deny,allow
Allow from all
</Directory>

<Directory /home/bernardo/workspace/mbosoziales/media>
Order deny,allow
Allow from all
</Directory>

WSGIScriptAlias / /home/bernardo/workspace/mbosoziales/mbosoziales/wsgi.py

<Directory /home/bernardo/workspace/mbosoziales/mbosoziales>
<Files wsgi.py>
Order deny,allow
Allow from all
</Files>
</Directory>

So, I have to change the permissions each time after running the first script that makes the folders for the users because they don't have permissions to write in the media folder although I think the permissions are correct.

sudo chgrp -R www-data images/
chmod -R o+w images/

Any help would be appreciated. And sorry for my english :)

Added full exception: Environment:

Request Method: POST
Request URL: localhost:8000/user/upload/

Django Version: 1.4
Python Version: 2.7.3
Installed Applications:
('django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.admin',
 'admin',
 'login',
 'suchen',
 'user',
 'photologue')
Installed Middleware:
('django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware')


Traceback:
File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py" in             get_response
  111.                         response = callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python2.7/dist-packages/django/contrib/auth/decorators.py" in _wrapped_view
  20.                 return view_func(request, *args, **kwargs)
File "/home/bernardo/workspace/mbosoziales/user/views.py" in upload
  332.             handle_uploaded_file(request,request.FILES['file'])
File "/home/bernardo/workspace/mbosoziales/user/views.py" in handle_uploaded_file
  344.         destination = open(fullurl, 'wb+')

Exception Type: IOError at /user/upload/
Exception Value: [Errno 13] Permission denied: u'/home/bernardo/workspace    /mbosoziales    /media/images/[email protected]/gallery/list.csv'

Answer 1

When you use runserver, the process is running as your normal user; and this user has access to /home/username/ to create folders and files.

When you run it under Apache, then the code is running as the apache process - typically www-data, and that user doesn't have access to create folders under your home directory.

The solution is not to chmod 777 even though this works. There are two better ways to approach this:

1. For production use, change the file paths to a directory where the www-data user normally has rights; and this should not be your home directory.

2. If you must use a location under your home directory; create a new path and set its parent's owner to www-data:www-data. This will allow it to work without giving the blanket 777 permissions.