Fixed #7616 -- Added advice on unix socket permissions and umasks to fastcgi deployment documentation. Thanks to Malcolm Tredinnick for the report and advice, and PaulM and cramm for reviewing the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14276 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-19 00:58:03 +00:00 · 2010-10-19 00:58:03 +00:00 · 3739f89b44
parent 7f9da79bac
commit 3739f89b44
1 changed files with 8 additions and 0 deletions
--- a/docs/howto/deployment/fastcgi.txt
+++ b/docs/howto/deployment/fastcgi.txt
@ -110,6 +110,14 @@ Running a threaded server on a TCP port::
 Running a preforked server on a Unix domain socket::

    ./manage.py runfcgi method=prefork socket=/home/user/mysite.sock pidfile=django.pid
+    
+.. admonition:: Socket security
+
+    Django's default umask requires that the webserver and the Django fastcgi
+    process be run with the same group **and** user. For increased security,
+    you can run them under the same group but as different users. If you do
+    this, you will need to set the umask to 0002 using the ``umask`` argument
+    to ``runfcgi``.

 Run without daemonizing (backgrounding) the process (good for debugging)::