I followed this guide to setup my Django application to work with my nginx webserver. However upon testing I discovered that www data group did not have access to my applications static files and returned a 403 error. The solution to this in the comments is to run sudo usermod -a -G your-user www-data. However is this a security risk as we are blanket defeating the entire purpose of the www-data group?
Add a comment
|
1 Answer
By adding the www-data user to your personal user group, you're giving it access to any files and directories that your personal user group has access to, which could potentially be exploited if your web server was compromised.
So, please, execute
sudo chown -R www-data:www-data /path/to/static/files
and then restarting Nginx and Gunicorn.
