Handling Paperclip folder and file permissions using Ruby on Rails

I am running Ruby on Rails 3.0.9 in production mode on a remote VPS machine running Ubuntu 10.04 LTS (in development mode I use RoR on Mac OS Snow Leopard) and I would like to know how to manage the following scenario.

I use Apache2 and Phusion Passenger and I have set up the virtual host like this:

<VirtualHost *:80>
  ServerName project_name.com
  DocumentRoot /srv/www/project_name.com/public

  <Directory /srv/www/project_name.com/public>
    AllowOverride all
    Options -MultiViews
  </Directory>
</VirtualHost>

Moreover, I use the Paperclip gem and, like a lot of people on the web using it in production mode, I get the following error when handling (image) files:

Errno::EACCES (Permission denied - /srv/www/project_name.com/public/images/001):
...

I heard that a solution to avoid that kind of error is to set folder permissions properly (manually! - I don't know if it is possible to automate that "setting" process... BTW: is it possible?) but I think there is a better way to solve that. If so, what can/should I do?

Backo asked Aug 02 '11 09:08


2 Answers

@M. Cypher is close, although the biggest issue I see is that you're allowing users to upload arbitrary files and then marking them all executable. This is a disaster looking for a place to happen.

find /srv/www/project_name.com/public -type d -exec chmod 755 {} \;
find /srv/www/project_name.com/public -type f -exec chmod 644 {} \;

This will set executable on directories (necessary) but not on files.

richo answered Oct 05 '22 12:10


Why automate it? It just requires a simple command on the server.

sudo chmod -R 777 /srv/www/project_name.com/public

Edit: I have all my Paperclip images in a shared directory, e.g. /srv/www/project/shared/... That way, they are not affected when I deploy a new version with Capistrano and I only have to set the folder permissions once (with the above command or similar). That's why I think automation is not necessary, since you need to run the command exactly once, not after every deploy.

Btw, chmod -R 777 may not be the best choice since it indiscriminately sets every file in every subfolder to be accessible by everyone. It does work, but I'm sure someone with more Linux skills can point out why a less extreme version would be smarter.

M. Cypher answered Oct 05 '22 12:10
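
Added example (not part of either answer): a POSIX shell helper that audits an upload tree for the two conditions discussed above, executable regular files and world-writable entries, and then applies the 755/644 split. The function names are made up for this example, and it assumes the tree is owned by the user the Rails app runs as, so that owner-only write access is enough for Paperclip.

```shell
#!/bin/sh
# Added example: audit and normalise permissions on an upload directory.
# Function names are hypothetical; pass your own directory as the argument.

# audit_upload_perms DIR
# Prints one line per risky entry:
#   EXEC  <path>  regular file with any execute bit set (user, group or other)
#   WORLD <path>  file or directory writable by "other"
# find does not follow symlinks here, so links out of the tree are not touched.
audit_upload_perms() {
    dir=$1
    find "$dir" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec printf 'EXEC %s\n' {} +
    find "$dir" \( -type f -o -type d \) -perm -002 \
        -exec printf 'WORLD %s\n' {} +
}

# count_findings DIR
# Prints the number of lines audit_upload_perms reports (0 means clean).
count_findings() {
    audit_upload_perms "$1" | wc -l | tr -d ' '
}

# fix_upload_perms DIR
# Directories get 755 (the execute bit is what allows traversal),
# regular files get 644 (readable, never executable).
fix_upload_perms() {
    dir=$1
    find "$dir" -type d -exec chmod 755 {} +
    find "$dir" -type f -exec chmod 644 {} +
}
```

Run `audit_upload_perms` on the directory first to see what a previous `chmod -R 777` left behind, then `fix_upload_perms` on the same path.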