WebFaction
Community site: login faq

hi,

I have installed django-filebrowser and in the logs I get this error:

SuspiciousOperation: Attempted access to '/home/xpanta/webapps/application/myproject/static/' denied.

This exception is thrown by filebrowser.

How can I give permission to all my installed apps have access to the static folder?

asked 03 Dec '11, 05:21

xpanta
623344
accept rate: 0%


The error you're seeing actually comes from Django's core/files/storage.py module, and not from the filebrowser module. Here's the code that generates the error:

def path(self, name):
    try:
        path = safe_join(self.location, name)
    except ValueError:
        raise SuspiciousOperation("Attempted access to '%s' denied." % name)
    return os.path.normpath(path)

The safe_join function is is Django's utils/_os.py module:

def safe_join(base, *paths):
    """
    Joins one or more path components to the base path component intelligently.
    Returns a normalized, absolute version of the final path.

    The final path must be located inside of the base path component (otherwise
    a ValueError is raised).
    """
    # We need to use normcase to ensure we don't false-negative on case
    # insensitive operating systems (like Windows).
    base = force_unicode(base)
    paths = [force_unicode(p) for p in paths]
    final_path = normcase(abspathu(join(base, *paths)))
    base_path = normcase(abspathu(base))
    base_path_len = len(base_path)
    # Ensure final_path starts with base_path and that the next character after
    # the final path is os.sep (or nothing, in which case final_path must be
    # equal to base_path).
    if not final_path.startswith(base_path) \
       or final_path[base_path_len:base_path_len+1] not in ('', sep):
        raise ValueError('the joined path is located outside of the base path'
                         ' component')
    return final_path

So, there are no permission checks here at all - it's just checking that the upload path lies within some other path.

If you activate debug mode on your site and then take whatever action is needed to through the error, the debug info should show you the paths that are being used in the comparison, which should give you a pretty good idea of what needs to be fixed.

permanent link

answered 03 Dec '11, 13:21

seanf
12.2k42136
accept rate: 37%

you are right. However I am still not sure what needs to be fixed and what path is the one the upload path should lie within.

(03 Dec '11, 13:53) xpanta

Neither am I, because I haven't seen the debug info. :)

If you'd rather not share that here in the public forum, feel free to open a support ticket to give us the info.

(03 Dec '11, 14:02) seanf

ok, I just opened a support ticket. :)

(04 Dec '11, 01:46) xpanta

Hi,

I'm assuming you use a symlink app to serve your static files. I believe this could cause a problem like the one you're having if you link to your static files using the symlink path instead of the real path, as it might be considered outside of the base path for your project. Please check your settings.py to see if you've defined the path using the symlink in some places, while using the real path in others.

If this doesn't fix the problem, please open a support ticket, so we can take a closer look.

permanent link

answered 03 Dec '11, 05:40

todork
1.2k5
accept rate: 34%

yes. I use a symlink app to serve static files from this directory. Filebrowser needs its own 'directory' to store uploaded files. For that purpose I have create an 'uploads/' directory inside the 'static/' directory (which of course it is referenced by the symlink app).

Can you suggest a workaround for this? I can use another directory in another place, but how can I serve its content through nginx?

(03 Dec '11, 11:42) xpanta
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×910
×125
×5

question asked: 03 Dec '11, 05:21

question was seen: 7,295 times

last updated: 04 Dec '11, 01:46

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2020 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM