How to best solve user permission issue where a Lighttpd+FastCGI app's folder is located in /root/?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












I have a Flask application on a docker solution.



I have configured lighttpd to drop to "lighttpd" user and group.



Problem is: The flask app is part of a bit larger project that's simply being copied into the container at build time. Acting as a web-gui. And this cause the flask+fastcgi solution to be owned by "root" user. And simply chowning the app's folder (and it's subfolders and files) to lighttpd:lighttpd still makes lighttpd to fail with "No Permission" error. *(And Lighttpd will understandably refuse to drop to group 0/root user permissions)*



I'm quite positive this happens because of /root/ being set to drwx------ permissions.



Is there any moderately safe advice, other than relocating the app out from the /root/ folder? Security is really not a massive concern, but solving it as securely as possible would be nice.



Could a symlink owned by lighttpd:lighttpd, placed outside of /root/ perhaps be the simplest solution? Or might that fail since it's target sits inside /root/ ? (though the actual subfolder would be chowned to lighttpd user/group)







share|improve this question











migrated from stackoverflow.com May 2 at 14:26


This question came from our site for professional and enthusiast programmers.


















    up vote
    0
    down vote

    favorite












    I have a Flask application on a docker solution.



    I have configured lighttpd to drop to "lighttpd" user and group.



    Problem is: The flask app is part of a bit larger project that's simply being copied into the container at build time. Acting as a web-gui. And this cause the flask+fastcgi solution to be owned by "root" user. And simply chowning the app's folder (and it's subfolders and files) to lighttpd:lighttpd still makes lighttpd to fail with "No Permission" error. *(And Lighttpd will understandably refuse to drop to group 0/root user permissions)*



    I'm quite positive this happens because of /root/ being set to drwx------ permissions.



    Is there any moderately safe advice, other than relocating the app out from the /root/ folder? Security is really not a massive concern, but solving it as securely as possible would be nice.



    Could a symlink owned by lighttpd:lighttpd, placed outside of /root/ perhaps be the simplest solution? Or might that fail since it's target sits inside /root/ ? (though the actual subfolder would be chowned to lighttpd user/group)







    share|improve this question











    migrated from stackoverflow.com May 2 at 14:26


    This question came from our site for professional and enthusiast programmers.
















      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      I have a Flask application on a docker solution.



      I have configured lighttpd to drop to "lighttpd" user and group.



      Problem is: The flask app is part of a bit larger project that's simply being copied into the container at build time. Acting as a web-gui. And this cause the flask+fastcgi solution to be owned by "root" user. And simply chowning the app's folder (and it's subfolders and files) to lighttpd:lighttpd still makes lighttpd to fail with "No Permission" error. *(And Lighttpd will understandably refuse to drop to group 0/root user permissions)*



      I'm quite positive this happens because of /root/ being set to drwx------ permissions.



      Is there any moderately safe advice, other than relocating the app out from the /root/ folder? Security is really not a massive concern, but solving it as securely as possible would be nice.



      Could a symlink owned by lighttpd:lighttpd, placed outside of /root/ perhaps be the simplest solution? Or might that fail since it's target sits inside /root/ ? (though the actual subfolder would be chowned to lighttpd user/group)







      share|improve this question











      I have a Flask application on a docker solution.



      I have configured lighttpd to drop to "lighttpd" user and group.



      Problem is: The flask app is part of a bit larger project that's simply being copied into the container at build time. Acting as a web-gui. And this cause the flask+fastcgi solution to be owned by "root" user. And simply chowning the app's folder (and it's subfolders and files) to lighttpd:lighttpd still makes lighttpd to fail with "No Permission" error. *(And Lighttpd will understandably refuse to drop to group 0/root user permissions)*



      I'm quite positive this happens because of /root/ being set to drwx------ permissions.



      Is there any moderately safe advice, other than relocating the app out from the /root/ folder? Security is really not a massive concern, but solving it as securely as possible would be nice.



      Could a symlink owned by lighttpd:lighttpd, placed outside of /root/ perhaps be the simplest solution? Or might that fail since it's target sits inside /root/ ? (though the actual subfolder would be chowned to lighttpd user/group)









      share|improve this question










      share|improve this question




      share|improve this question









      asked Apr 19 at 12:41









      DhP

      41




      41




      migrated from stackoverflow.com May 2 at 14:26


      This question came from our site for professional and enthusiast programmers.






      migrated from stackoverflow.com May 2 at 14:26


      This question came from our site for professional and enthusiast programmers.



























          active

          oldest

          votes











          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );








           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f441337%2fhow-to-best-solve-user-permission-issue-where-a-lighttpdfastcgi-apps-folder-is%23new-answer', 'question_page');

          );

          Post as a guest



































          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes










           

          draft saved


          draft discarded


























           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f441337%2fhow-to-best-solve-user-permission-issue-where-a-lighttpdfastcgi-apps-folder-is%23new-answer', 'question_page');

          );

          Post as a guest













































































          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Displaying single band from multi-band raster using QGIS

          How many registers does an x86_64 CPU actually have?