How to best solve user permission issue where a Lighttpd+FastCGI app's folder is located in /root/?
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I have a Flask application on a docker solution.
I have configured lighttpd to drop to "lighttpd" user and group.
Problem is: The flask app is part of a bit larger project that's simply being copied into the container at build time. Acting as a web-gui. And this cause the flask+fastcgi solution to be owned by "root" user. And simply chowning the app's folder (and it's subfolders and files) to lighttpd:lighttpd still makes lighttpd to fail with "No Permission" error. *(And Lighttpd will understandably refuse to drop to group 0/root user permissions)*
I'm quite positive this happens because of /root/ being set to drwx------ permissions.
Is there any moderately safe advice, other than relocating the app out from the /root/ folder? Security is really not a massive concern, but solving it as securely as possible would be nice.
Could a symlink owned by lighttpd:lighttpd, placed outside of /root/ perhaps be the simplest solution? Or might that fail since it's target sits inside /root/ ? (though the actual subfolder would be chowned to lighttpd user/group)
linux permissions fastcgi chmod chown
migrated from stackoverflow.com May 2 at 14:26
This question came from our site for professional and enthusiast programmers.
add a comment |Â
up vote
0
down vote
favorite
I have a Flask application on a docker solution.
I have configured lighttpd to drop to "lighttpd" user and group.
Problem is: The flask app is part of a bit larger project that's simply being copied into the container at build time. Acting as a web-gui. And this cause the flask+fastcgi solution to be owned by "root" user. And simply chowning the app's folder (and it's subfolders and files) to lighttpd:lighttpd still makes lighttpd to fail with "No Permission" error. *(And Lighttpd will understandably refuse to drop to group 0/root user permissions)*
I'm quite positive this happens because of /root/ being set to drwx------ permissions.
Is there any moderately safe advice, other than relocating the app out from the /root/ folder? Security is really not a massive concern, but solving it as securely as possible would be nice.
Could a symlink owned by lighttpd:lighttpd, placed outside of /root/ perhaps be the simplest solution? Or might that fail since it's target sits inside /root/ ? (though the actual subfolder would be chowned to lighttpd user/group)
linux permissions fastcgi chmod chown
migrated from stackoverflow.com May 2 at 14:26
This question came from our site for professional and enthusiast programmers.
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I have a Flask application on a docker solution.
I have configured lighttpd to drop to "lighttpd" user and group.
Problem is: The flask app is part of a bit larger project that's simply being copied into the container at build time. Acting as a web-gui. And this cause the flask+fastcgi solution to be owned by "root" user. And simply chowning the app's folder (and it's subfolders and files) to lighttpd:lighttpd still makes lighttpd to fail with "No Permission" error. *(And Lighttpd will understandably refuse to drop to group 0/root user permissions)*
I'm quite positive this happens because of /root/ being set to drwx------ permissions.
Is there any moderately safe advice, other than relocating the app out from the /root/ folder? Security is really not a massive concern, but solving it as securely as possible would be nice.
Could a symlink owned by lighttpd:lighttpd, placed outside of /root/ perhaps be the simplest solution? Or might that fail since it's target sits inside /root/ ? (though the actual subfolder would be chowned to lighttpd user/group)
linux permissions fastcgi chmod chown
I have a Flask application on a docker solution.
I have configured lighttpd to drop to "lighttpd" user and group.
Problem is: The flask app is part of a bit larger project that's simply being copied into the container at build time. Acting as a web-gui. And this cause the flask+fastcgi solution to be owned by "root" user. And simply chowning the app's folder (and it's subfolders and files) to lighttpd:lighttpd still makes lighttpd to fail with "No Permission" error. *(And Lighttpd will understandably refuse to drop to group 0/root user permissions)*
I'm quite positive this happens because of /root/ being set to drwx------ permissions.
Is there any moderately safe advice, other than relocating the app out from the /root/ folder? Security is really not a massive concern, but solving it as securely as possible would be nice.
Could a symlink owned by lighttpd:lighttpd, placed outside of /root/ perhaps be the simplest solution? Or might that fail since it's target sits inside /root/ ? (though the actual subfolder would be chowned to lighttpd user/group)
linux permissions fastcgi chmod chown
asked Apr 19 at 12:41
DhP
41
41
migrated from stackoverflow.com May 2 at 14:26
This question came from our site for professional and enthusiast programmers.
migrated from stackoverflow.com May 2 at 14:26
This question came from our site for professional and enthusiast programmers.
add a comment |Â
add a comment |Â
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f441337%2fhow-to-best-solve-user-permission-issue-where-a-lighttpdfastcgi-apps-folder-is%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password