From 3739f89b44ab075597f6a43627b4ab8c50563d10 Mon Sep 17 00:00:00 2001 From: Gabriel Hurley Date: Tue, 19 Oct 2010 00:58:03 +0000 Subject: [PATCH] Fixed #7616 -- Added advice on unix socket permissions and umasks to fastcgi deployment documentation. Thanks to Malcolm Tredinnick for the report and advice, and PaulM and cramm for reviewing the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@14276 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- docs/howto/deployment/fastcgi.txt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/howto/deployment/fastcgi.txt b/docs/howto/deployment/fastcgi.txt index 54611c36dd..b54755a514 100644 --- a/docs/howto/deployment/fastcgi.txt +++ b/docs/howto/deployment/fastcgi.txt @@ -110,6 +110,14 @@ Running a threaded server on a TCP port:: Running a preforked server on a Unix domain socket:: ./manage.py runfcgi method=prefork socket=/home/user/mysite.sock pidfile=django.pid + +.. admonition:: Socket security + + Django's default umask requires that the webserver and the Django fastcgi + process be run with the same group **and** user. For increased security, + you can run them under the same group but as different users. If you do + this, you will need to set the umask to 0002 using the ``umask`` argument + to ``runfcgi``. Run without daemonizing (backgrounding) the process (good for debugging)::