There is no builtin support for mod_ruid2.
You may be able to get it working by modifying the mod_wsgi source code.
Look for:
/*
* Set the ownership of the UNIX listener socket. This would
* normally be the Apache user that the Apache server child
* processes run as, as they are the only processes that
* would connect to the sockets. In the case of ITK MPM,
* having them owned by Apache user is useless as at the
* time the request is to be proxied, the Apache server
* child process will have uid corresponding to the user
* whose request they are handling. For ITK, thus set the
* ownership to be the same as the daemon processes. This is
* still restrictive, in that can only connect to daemon
* process group running under same user, but most of the
* time that is what you would want anyway when using ITK
* MPM.
*/
if (!geteuid()) {
#if defined(MPM_ITK)
if (chown(process->socket, process->uid, -1) < 0) {
#else
if (chown(process->socket, ap_unixd_config.user_id, -1) < 0) {
#endif
ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server,
"mod_wsgi (pid=%d): Couldn't change owner of unix "
"domain socket '%s'.", getpid(),
process->socket);
return -1;
}
}
You want to the code for the MPM_ITK case to execute. For the ITK MPM
it is a compile time things, but not sure how could accommodate
mod_ruid2 in a similar way at compile time as you would not know if it
is going to be loaded or not.
There has been talk of a configuration directive to allow this to be
dynamically switched in configuration, but that was only seen as
needed where a distro had provided ITK MPM and didn't provide Apache
dev package with correct header files for ITK MPM so Apache modules
could be compiled against it correctly.
Anyway, try changing:
#if defined(MPM_ITK)
if (chown(process->socket, process->uid, -1) < 0) {
#else
if (chown(process->socket, ap_unixd_config.user_id, -1) < 0) {
#endif
to:
/ * #if defined(MPM_ITK) */
if (chown(process->socket, process->uid, -1) < 0) {
/* #else
if (chown(process->socket, ap_unixd_config.user_id, -1) < 0) {
#endif */
In other words, hard wiring it to create socket as UID the daemon
process runs as.
Graham
On 20 July 2012 06:55, slech <[email protected]> wrote:
> Hello Everyone.
> I have an issue to install moin wiki with mod_ruid.
> Moin wiki is python based app and I start it via Apache and mod_wsgi.
> All work fine without mod_ruid2. And also work fine if I manually change
> permission to the /var/run/wsgi/moin.32282.0.1.sock file
>>
>> chown www-moin:www-moin /var/run/wsgi/moin.32282.0.1.sock
>
> or
>>
>> chmod 777 /var/run/wsgi/moin.32282.0.1.sock
>
>
> After restart permission changed and it looks:
>>
>> srwx------ 1 www-data root 0 Jul 20 16:42 moin.32282.0.1.sock
>
>
> My Apache config related settings:
>>
>> RMode config
>> RUidGid www-moin www-moin
>> RGroups www-moin
>>
>> WSGIScriptAlias /web/production/moin/wm/moin.wsgi
>> WSGIDaemonProcess moin user=www-moin group=www-moin processes=5
>> threads=10 maximum-requests=1000 umask=0007
>> WSGIProcessGroup moin
>
>
> As I understand wsgi process start as Apache user (in my case www-moin) but
> maybe at first run(restart, reload) it starts as default Apache user ?
>
> My question is how I can change sock file default permissions ?
>
> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups
> "modwsgi" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/modwsgi/-/PFHu0mXmDtMJ.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/modwsgi?hl=en.
--
You received this message because you are subscribed to the Google Groups
"modwsgi" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/modwsgi?hl=en.
