Best practices for linux user permissions to run web application as?

For location, choose what seems best to you. Here are some considerations to help out:

Locations under /var are for files which change in size, or generally are "variable."
/srv generally indicates files related to some service running on the machine.
/home should usually be reserved for interactive users. You can set a system user's home directory to anything, though.

For security, you should segment as much as possible. The app should not run as the same user as the web server, so that it can't be abused to read sensitive files relating to the server itself (.htaccess or whatever). The app's binary files (or for Django, the python source) should be owned by root, without write access to the application user.

Here's my 2 cents on how to set it up:

Django app: /usr/lib/appname/ or /usr/lib/python/site-packages/appname/ if installed. Owned by root, chmod 644.
App's files (e.g. sqlite db file, Unix socket for FastCGI, uploaded file storage, etc): /var/lib/appname/. Owned by app-user, chmod 600.
app-user's shell is /bin/nologin, home is /var/lib/appname/. User has no configured password.

CodeHunter

Best practices for linux user permissions to run web application as?

Recent Posts

How can I color dots in a xy scatterplot according to column value?

How to update a claim in ASP.NET Identity?

What does {0} mean when initializing an object?

Accessing members of items in a JSONArray with Java

How to log SQL statements in Spring Boot?

Powershell Get-WebSite name parameter is ignored

How to detect scroll to bottom of html element

Java synchronized method

How to test controllers with CodeIgniter?

Detect Visual Composer

Matplotlib: Specify format of floats for tick labels

Rails join a list of strings with commas and "and" before the last