Re: SuspiciousOperation exception on ImageField upload


Jon Atkinson

Aug 19, 2008, 11:35:19 AM
to django...@googlegroups.com
Marty,

That was the problem, thank you for your help.

--Jon

On Tue, Aug 19, 2008 at 2:13 PM, Marty Alchin <gulo...@gamemusic.org> wrote:
>
> On Tue, Aug 19, 2008 at 8:47 AM, Jon Atkinson <j...@jonatkinson.co.uk> wrote:
>> I'm trying to work with a model which accepts a logo image upload via
>> an ImageField. A cut-down version of my model is below:
>>
>> class Promoter(models.Model):
>>     name = models.CharField(max_length=100)
>>     logo = models.ImageField(upload_to="/images/promoters/%Y/%m/%d/")
>
> Drop the first slash in your path name.
>
>> When I try to upload the logo via the built-in admin interface, I get
>> the following error:
>>
>> SuspiciousOperation at /admin/promoters/promoter/add/
>> Attempted access to '/images/promoters/2008/08/19/kitten.jpg' denied.
>>
>> In settings.py, my MEDIA_ROOT is set to an accessible directory in my
>> home folder: '/home/username/projectname/media/', and this folder has
>> its permissions set to 777.
>
> But with that leading slash, you're trying to save to
> /images/promoters/%Y/%m/%d/, not
> /home/username/projectname/media/images/promoters/%Y/%m/%d/ like you
> want. That path probably doesn't exist, and Django would need
> unrestricted access to your system in order to create it for you.
> Needless to say, not a good situation.
>
> That SuspiciousOperation is in place to help prevent Django from
> trying to accidentally read or write from places on your filesystem it
> shouldn't have access to. Just drop the first slash in the path name
> (so it reads upload_to="images/promoters/%Y/%m/%d/") and you'll be all
> set.
>
> -Gul

Sithembewena Lloyd Dube

Jul 18, 2012, 11:39:26 AM
to django...@googlegroups.com
Hi Binny,

Your problem sounds like one I had months ago. I got this response at the time:

You need to make sure that the same process running your python interpreter has write permissions to your media directory.

From StackOverflow:
"The process that is running your Python interpreter doesn't have permission to write into the media directory. You'll need to either chgrp or chown the media directory to the same group as your Python process, and ensure you have at least g+rwx on directories and g+rw on files."


On Wed, Jul 18, 2012 at 9:12 AM, binny <abraha...@gmail.com> wrote:
But I want to upload to the following path:

/usr/local/apache2/htdocs/goibibo/travelibibo/static/refundsReports/%Y%m%d

And the first back slash is a must. I can't remove that. So please let me know how I can handle this case.

Thanks,
Binny


On Tuesday, August 19, 2008 6:17:16 PM UTC+5:30, Jon Atkinson wrote:
Hello,

I'm trying to work with a model which accepts a logo image upload via
an ImageField. A cut-down version of my model is below:

class Promoter(models.Model):
        name = models.CharField(max_length=100)
        logo = models.ImageField(upload_to="/images/promoters/%Y/%m/%d/")

When I try to upload the logo via the built-in admin interface, I get
the following error:

SuspiciousOperation at /admin/promoters/promoter/add/
Attempted access to '/images/promoters/2008/08/19/kitten.jpg' denied.

In settings.py, my MEDIA_ROOT is set to an accessible directory in my
home folder: '/home/username/projectname/media/', and this folder has
its permissions set to 777.

I'm currently using the ./manage.py webserver, which (I assume) runs
as the same user which starts the process; this is the same user as
owns the folder specified above.

Any ideas what I'm doing wrong here?

--Jon



--
Regards,
Sithembewena Lloyd Dube

Thomas Orozco

Jul 19, 2012, 3:32:44 AM
to django...@googlegroups.com

Here you're trying to upload to a directory whose path starts with a /: /images.

On *nix, / means system root. Obviously your Django process does not have permission to write there unless you set that up so.

You should remove the leading slash in your upload_to path. Your files will then upload to your media root.

Then make sure that your Web process has:

- Write access to the MEDIA_ROOT/images directory (unless the user is the owner of MEDIA_ROOT, it won't have permission to create a directory).

- Execution permission on all the directories (not the files in there) leading to MEDIA_ROOT: execution permission on a directory means traversal permission.

Don't just chmod -R 777 your way out of this kind of problem, you're going to create major security holes.
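
The containment check discussed in this thread, as an added example that is not part of any post above and is not Django's own code: a standalone sketch that expands upload_to, joins it to MEDIA_ROOT, and rejects any result that lands outside it. The names `resolve_upload`, `SuspiciousPath` and `check` are hypothetical; the paths are the ones quoted in the thread, and the `../media-private/` case is constructed.

```python
import posixpath
from datetime import datetime

MEDIA_ROOT = "/home/username/projectname/media/"  # value quoted in the thread


class SuspiciousPath(Exception):
    """Stand-in for Django's SuspiciousOperation (hypothetical name)."""


def resolve_upload(media_root, upload_to, filename, when):
    """Expand the date codes in upload_to and join the result to media_root.

    Raises SuspiciousPath when the final path is not inside media_root.
    """
    subdir = when.strftime(upload_to)
    base = posixpath.normpath(media_root)
    # posixpath.join discards everything before an absolute component,
    # so a leading slash in upload_to silently replaces media_root.
    target = posixpath.normpath(posixpath.join(base, subdir, filename))
    # Compare against base + "/" so that a sibling directory such as
    # ".../media-private" is not mistaken for a child of ".../media".
    if target != base and not target.startswith(base + "/"):
        raise SuspiciousPath("Attempted access to '%s' denied." % target)
    return target


def check(upload_to, filename="kitten.jpg"):
    """Return the resolved path, or the denial message for a bad upload_to."""
    when = datetime(2008, 8, 19)  # upload date from the thread's error message
    try:
        return resolve_upload(MEDIA_ROOT, upload_to, filename, when)
    except SuspiciousPath as exc:
        return "DENIED: %s" % exc


if __name__ == "__main__":
    for candidate in (
        "/images/promoters/%Y/%m/%d/",  # leading slash: escapes MEDIA_ROOT
        "images/promoters/%Y/%m/%d/",   # relative: stays under MEDIA_ROOT
        "../media-private/",            # constructed: traversal to a sibling
    ):
        print(candidate, "->", check(candidate))
```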
