Errno 13 Permission denied using Gunicorn

Question

I'm running django on Digital Ocean with gunicorn and nginx. Gunicorn for serving the django and nginx for static files.

Upon uploading a file via website, I cant save to a folder in /home directory. I get [Errno 13] Permission denied.

Please, how do I make the web server to be able have read write access to any arbitrary folder anywhere under /home?

Answer 1

This all depends on the user that your application is running as.

If you check ps aux | grep gunicorn which user the Gunicorn server is running your app as then you can change the chmod or chown permissions accordingly.

ls -lash will show you which user current only owns the folder and what permissions are on the folder you are trying to write to:

4.0K drwxrwx--- 4 username username 4.0K Dec 9 14:11 uploads

You can then use this to check for any issues.

Some docs on changing ownership and permissions

http://linux.die.net/man/1/chmod

http://linux.die.net/man/1/chown

I would advise being very careful to what locations on your disk you give access for the web server to read/write from. This can have massive security implications.

Answer 2

Well, I worked on this issue for more than a week and finally was able to FIGURE IT OUT. Please follow links from digital ocean , but they did not pinpoint important issues one which includes

1. no live upstreams while connecting to upstream
2. *4 connect() to unix:/myproject.sock failed (13: Permission denied) while connecting to upstream
3. gunicorn OSError: [Errno 1] Operation not permitted

4. *1 connect() to unix:/tmp/myproject.sock failed (2: No such file or directory)

   etc.

These issues are basically permission issue for connection between Nginx and Gunicorn. To make things simple, I recommend to give same nginx permission to every file/project/python program you create.

To solve all the issue follow this approach: First thing is :

1. Log in to the system as a root user
2. Create /home/nginx directory.
3. After doing this, follow as per the website until Create an Upstart Script.
4. Run chown -R nginx:nginx /home/nginx
5. For upstart script, do the following change in the last line : exec gunicorn --workers 3 --bind unix:myproject.sock -u nginx -g nginx wsgi DONT ADD -m permission as it messes up the socket. From the documentation of Gunicorn, when -m is default, python will figure out the best permission
6. Start the upstart script

7. Now just go to /etc/nginx/nginx.conf file. Go to the server module and append:

   location / { include proxy_params; proxy_pass http<>:<>//unix:/home/nginx/myproject.sock; } REMOVE <> Do not follow the digitalocean aricle from here on

   8. Now restart nginx server and you are good to go.

Answer 3

Change the owner of /home

See actual owner $ ls -l /

f1  f2  f3  f4  f5  f6      f6      f8  f9              f10
-   rwx r-x r-x 1   root    root    209 Mar 30 17:41    /home

https://www.garron.me/en/go2linux/ls-file-permissions.html
f2 Owner permissions over the file or directory
f3 Group permissions over the file or directory
f4 Everybody else permissions over the file or directory
f6 The user that owns the file or directory

Change folder owner recursively sudo chown -R ubuntu /home/ substitute ubuntu with a non-root user.

Good practices

• Use a subdirectory home/ubuntu as server directory, ubuntu folder have ubuntu user as owner.
  
• Set user-owner permissions to all. Your group and other users to read-only sudo chmod -R 744 /home/ubuntu/