Try 770 with the directory's group set to the effective group of the Apache process. If you need to get even finer, look into mod_wsgi's daemon mode, or FastCGI, under either of which your Django app could run as its own user. Then you could ratchet the directory permissions down to 700 and ensure no other apps can touch it.
On May 27, 2008, at 7:52 PM, Michael Ellis wrote: > > I'm using sorl-thumbnails on Apache. It's working fine, except > permissions on the directory in which it writes the thumbnails — / > media/images — must be set to 777. For obvious security reasons, I'd > like to work around this somehow...or at least minimize the threat. > Any suggestions? > > Thanks! > ME > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
