You should not be doing a chown or a chmod. Neither should be necessary. If Apache is being started as root and the Apache user is called 'apache', then the WSGI socket files should have ownership as follows:
User: apache Group: wheel or daemon or whatever you OS uses for daemon processes The permissions of the WSGI socket files should from memory be 0600. Ie., rw------- The problems with access to socket is usually because the directory permissions are wrong, not the socket files themselves. The directory must be accessible to the Apache user. On RedHat derived systems, the permissions are locked down so that the DEFAULT_REL_RUNTIMEDIR for Apache is not accessible to the Apache user. It is not appropriate to be giving that directory less restrictive permissions. The solution on RedHat derived systems is that you use: WSGISocketPrefix run/wsgi The 'run' symlink under Apache root should refer to a directory which is accessible by Apache user. This directory would normally be: /var/run Recently RedHat have been changing the location of the run directory so that it is actually: /var/run/httpd The 'run' symlink still references it though. Initially though, whoever decided to do that was creating the directory permissions in a way which like the original DEFAULT_REL_RUNTIMEDIR was too restrictive and various Apache modules where code running as Apache user couldn't access lock files and other run time stuff in that directory. Ie., they had: drwx------ 2 root root 0 Mar 17 15:16 /var/run/httpd See: https://bugzilla.redhat.com/show_bug.cgi?id=495780 To fix the issue properly, they amended the packaged permissions for the directory as: 0710,root,apache drwx--x--- 2 root apache 0 Mar 17 15:16 /var/run/httpd Now that I have said all that to provide some context for all the issues around this. Do the following: 1. Shutdown Apache. 2. Go to /var/run and as root remove any old WSGI lock files. rm wsgi.*.sock 3. Ensure that the original permissions and ownership of the /var/run directory are restored to their system defaults. 4. Start Apache. 5. Send me a long directory list of the /var/run directory. ls -las /var/run 6. Send me what settings you have for User/Group directives in Apache. 7. Send me a 'ps' listing show the Apache processes. ps auxwwww | grep httpd or: ps auxwwww | grep apache Basically I want to see what the ownership permissions are before you started fiddling with anything. There is no point just telling me what you changed things to as then can't work out what original issue may be. Graham On 8 February 2010 00:31, PatrickB <[email protected]> wrote: > I did both, but it just refuses to work :( > > On Feb 7, 2:06 pm, Clodoaldo Neto <[email protected]> wrote: >> 2010/2/7 PatrickB <[email protected]> >> >> > I guess the chmoding worked because the default permission there is >> > 700 on the sockets. And because the owner is apache.apache, while my >> > WSGI processes run as user/group patrick.patrick, trac.trac or another >> > user/group. >> >> > WSGISocketPrefix is not set, so all the sockets end up in /var/run/ >> > httpd. >> > If I do "chown root.apache /var/run/httpd" then I get 503 errors >> > again :( >> > This also happens when I chmod it to 2750. >> >> Just to be sure you did it right: The chown and chmod should be both done >> not one or the other. >> >> Clodoaldo >> >> >> >> >> >> > I also tried "chmod 2775 /var/run/httpd", but that doesn't work >> > either. The sockets still have the permission 700... >> >> > Regards, PatrickB >> >> > On Feb 7, 1:42 pm, Clodoaldo Neto <[email protected]> wrote: >> > > 2010/2/7 PatrickB <[email protected]> >> >> > > > Hello, >> >> > > > I'm using mod_wsgi to host a few Django sites, a few Trac sites and >> > > > some Mercurial repositories. I recently moved from one big mod_wsgi >> > > > interpreter to a few interpreters by using WSGIDaemonProcess. This was >> > > > working semi-fine, since I forgot to assign directories to the daemon >> > > > processes. I did that now, and I got a load of error messages in all >> > > > the logs. The error messages where something like this: >> >> > > > [Sun Feb 07 13:00:55 2010] [error] [client 65.55.106.162] >> > > > (13)Permission denied: mod_wsgi (pid=19109): Unable to connect to WSGI >> > > > daemon process 'patrickbregman.eu' on '/var/run/wsgi.19074.0.2.sock' >> > > > after multiple attempts. >> >> > > > I "fixed" this by doing a "chmod 777 /var/run/httpd/wsgi.* ", which >> > > > seems to work. For now. Is there a better solution known, or should I >> > > > just modify my Apache initscript to do this for me every time? Not a >> > > > big problem for me, but it isn't a very nice solution in my opninion. >> >> > > If mod_wsgi was trying to connect to /var/run/wsgi.#.sock then how >> > chmoding >> > > /var/run/httpd/wsgi.* worked? >> >> > > What is the value of the WSGISocketPrefix directive? >> >> > > You can try to chown root.apache the /var/run/httpd directory and then >> > chmod >> > > it to 2750. >> >> > > Regards, Clodoaldo >> >> > > > Thanks in advance, >> > > > PatrickB >> >> > > > -- >> > > > You received this message because you are subscribed to the Google >> > Groups >> > > "modwsgi" group. >> > > > To post to this group, send email to [email protected]. >> > > > To unsubscribe from this group, send email to >> >> > > [email protected]<modwsgi%[email protected] >> > > > >> > <modwsgi%[email protected]<modwsgi%252bunsubscr...@googlegroup >> > s.com>> >> > > .> For more options, visit this group at >> >> > >http://groups.google.com/group/modwsgi?hl=en. >> >> > -- >> > You received this message because you are subscribed to the Google Groups >> > "modwsgi" group. >> > To post to this group, send email to [email protected]. >> > To unsubscribe from this group, send email to >> > [email protected]<modwsgi%[email protected] >> > > >> > . >> > For more options, visit this group at >> >http://groups.google.com/group/modwsgi?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "modwsgi" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/modwsgi?hl=en. > > -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en.
