[1.2.X] Fixed #7616 -- Added advice on unix socket permissions and umasks to fastcgi deployment documentation. Thanks to Malcolm Tredinnick for the report and advice, and PaulM and cramm for reviewing the patch.

Backport of [14276] from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@14277 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-19 00:58:34 +00:00 · 2010-10-19 00:58:34 +00:00 · da17c2b84f
parent 4ec58f702b
commit da17c2b84f
1 changed files with 8 additions and 0 deletions
--- a/docs/howto/deployment/fastcgi.txt
+++ b/docs/howto/deployment/fastcgi.txt
@ -111,6 +111,14 @@ Running a threaded server on a TCP port::
 Running a preforked server on a Unix domain socket::

    ./manage.py runfcgi method=prefork socket=/home/user/mysite.sock pidfile=django.pid
+    
+.. admonition:: Socket security
+
+    Django's default umask requires that the webserver and the Django fastcgi
+    process be run with the same group **and** user. For increased security,
+    you can run them under the same group but as different users. If you do
+    this, you will need to set the umask to 0002 using the ``umask`` argument
+    to ``runfcgi``.

 Run without daemonizing (backgrounding) the process (good for debugging)::