I'm running Ubuntu 12.04 Precise with a DUNG (Django, Unix, Nginx & Gunicorn) environment, and my app (as well as various config files) is stored in a Python virtual environment inside /srv, which the www-data user has access to.
The nginx & gunicorn processes are all run as www-data.
My web app requires secure credentials, which I am storing in an environment.sh file. This file contains various exports and is run using source before the gunicorn processes execute.
My concern is the location of the environment.sh file and its permissions. Will it be okay storing this file inside the /srv folder where the www-data user has access to it? Or should it be stored and owned by root somewhere else, such as /var/myapp/environment.sh?
Also, regarding the www-data user, if any of my web processes (which are run as www-data) are compromised and someone gains access to them, does that mean that the user could potentially read any file on the system, even if they can't write? Including my secure keys?