I'm stuck with a little problem:
I have a website to manage videofiles for different users. Each user can upload videos to a personal folder which I don't want to change because I don't want to mix up files from different users. After uploading the video file I call a subprocess which should create a thumbnail. The subprocess fails because of missing writing permissions. The uploaded file belongs to www-data but the subprocess gets called by the user who runs python.
Basic structure: An apache2 takes requests and leads them to django/python via mod_wsgi.Uploads are located in an uploads-folder which contains one folder per user (also belonging to www-data).
I thought about creating a subfolder which belongs to the python-user but this had to be created dynamically because I want to be able to create new users (and resulting new subfolders in my uploads-folder). Changing the ownership of these folders leads to security leaks, doesn't it?
Do you have any suggestions how I could change my setup to make this thumbnail-creating-process possible without having to touch some folders each time I created a new user?