I'm very a new comer to apache and django, so execuse me if the real question is simple. I'm attempting to deploy a current site for an apache server. For the moment, the website continues to be in development and so i am only implementing it as being a virtualhost on my small local machine. I'm using Django's WSGI module within the deployment. During my site's config file, I've the next aliases:

Alias /media/ /home/tester/Desktop/siteRootDir/media
Alias /content/ /home/tester/Desktop/siteRootDir/content
WSGIScriptAlias /c /home/tester/Desktop/siteRootDir/deploy/site.wsgi

After I run apache and visit localhost/c I had been obtaining the (13)PermissionDenied error within the apache log. To obtain around that error, I (admitedly stupidly) went

chmod -R 777 /home/tester/Desktop/siteRootDir

I understand that's not the way in which to handle the problem, however i wanted the website to operate in order to continue its development.

So my real question is, do you know the correct permission configurations towards the siteRootDir directory and it is sub-sites so that the website will run and I don't expose unnecessary files within the directory.

Also, I recognize that this isn't a perfect setup and that i will probably encounter problems after i deploy the website being produced. Can anybody please advise a better business method of this? Thanks!

The smallest permissions possible could be 0600 for files and 0700 for dir's so that as a owner the consumer possessing the apache processes. This user differs per OS and flavor (e.g. for OSX it's www, for Debian/Ubuntu it's www-data).

This could most likely too tight for any development server. A minimum of do you want to have the ability to modify all of your files using your IDE of text editor, so either you need to add ACLs on your own (i.e. the consumer that edits the Django files, templates and static files).

Also, inside a production server you would like the apache user to have the ability to email sites that hold web submitted content. That might be somewhere inside your static files section (or on the different devoted static files server).