Error 13: Permission Denied

UG-SEP · April 16, 2024, 1:31pm

Hey everyone,

I encountered an issue at the production level Whenever I am trying to update/add a model that contains media files it shows error 13: Permission denied

First I checked whether I have the read/write and update permission of the directory under the project and found that yes they do have the permission.

Screenshot 2024-04-16 185600

I checked out the settings.py file but didn’t get anything wrong.

settings.py

MEDIA_URL = "/media/"
MEDIA_ROOT = BASE_DIR / "media"
STATIC_URL = "/static/"
STATIC_FILE_ROOT = BASE_DIR / "static"
STATICFILES_DIRS = ((BASE_DIR / "static"),)
STATIC_ROOT = BASE_DIR / "assets"

urls.py

urlpatterns = (
    [
        path("admin/", admin.site.urls),
        path("", include("web.urls", namespace="web")),
        path("", include("order.urls", namespace="order")),
        path("main/", include("main.urls", namespace="main")),
        path("product/", include("products.urls", namespace="product")),
        path("accounts/", include("accounts.urls", namespace="accounts")),
        path("accounts/", include("registration.backends.simple.urls")),
        path(
            "sitemap.xml",
            TemplateView.as_view(template_name="sitemap.xml", content_type="text/xml"),
        ),
        path(
            "robots.txt",
            TemplateView.as_view(template_name="robots.txt", content_type="text/plain"),
        ),
        path(
            "OneSignalSDKWorker.js",
            TemplateView.as_view(
                template_name="OneSignalSDKWorker.js", content_type="text/javascript"
            ),
        ),
    ]
    + static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
    + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
)

I know there are some issues with media files but I can’t figure it out.

It is working correctly in the local host

KenWhitesell · April 16, 2024, 1:41pm

How are you running your project? What UID is the process running under?

Note: For checking permissions, you need to look through the complete directory tree.

Also, I always recommend that media and static files not be stored under “home”. Since they should be served primarily by the web server, the directories in which they are saved should be stored in a common location, such as /var/www for static files or perhaps /opt/media for media files.

UG-SEP · April 16, 2024, 1:46pm

Yes @KenWhitesell I knew that we should store the static and media files in /var/www and opt/media but actually this is my client project and someone else has hosted it on digital ocean with ubuntu and apache2 server

UG-SEP · April 16, 2024, 1:48pm

what information should I send you so you can detect the issue

KenWhitesell · April 16, 2024, 1:54pm

Start with the questions I asked before:

Then you have the professional responsibility to identify the security implications of doing things wrong, and explaining how and why they’re putting their system at risk by doing it this way.

UG-SEP · April 16, 2024, 2:22pm

@KenWhitesell I am using Apache2 and ubuntu - 22.04.1 to run my project hosted on digital ocean

Python - 3.10.12
Django - 4.2.7
Postgresql: 14.11

The process is running under root , systemd+ , postgres , django , www-data , message+ , syslog , postfix , and sshd UID

Can you specify me for which process do you want the UID

The project UID is root

Do let me know if you need something else

KenWhitesell · April 16, 2024, 2:34pm

Basically, I’m trying to understand what UID your python code is running as.

Are you running it under mod_wsgi? If so, then what is the UID running it?

Or, are you proxying the requests through to something like uwsgi or gunicorn? If that’s the case then I need to know the UID for those processes (either uwsgi or gunicorn, whichever is being used).

UG-SEP · April 16, 2024, 3:02pm

Ohh, So I am using mod_wsgi and the UID is www-data

KenWhitesell · April 16, 2024, 3:06pm

So that means that every directory above the static and media directories need to be readable by www-data, and the media directory itself needs to be writable by www-data.

UG-SEP · April 16, 2024, 3:29pm

Thank you @KenWhitesell I have fixed it thank you a lot for your guidance and yeah I will alert the client about the potential security issues.

Man, you have a lot of experience.
Privileged that you are helping us on the Django Community

That’s the big reason I love Django the support system is very very strong due to people like you.

Topic		Replies	Views
Getting 'Permission Denied 403' using Digital Ocean “Spaces” to server static and media files Deployment	0	523	January 23, 2024
Attempt to write a Read only database Deployment	18	5653	March 11, 2024
Permission error on live server Deployment	12	3176	June 14, 2022
Strange issue with STATIC and MEDIA files in production Mystery Errors	11	3625	September 30, 2024
Serving Media files from nginx Deployment	7	414	May 22, 2024

Error 13: Permission Denied

Related topics