> No it isn't possible. >
Disabling site.py may cause a bunch of other issues as far as runtime > environment being set up. > > Well, it is still possible to import it later so environment will be set up. As i said before, the main problem is a bug in site module which prevents python to start while it don't have access to /etc/passwd (which is pointless). You can prevent this by setting the 'HOME' environmental variable BEFORE importing site module (i tested it): http://bugs.python.org/issue10496 > The lack of access to /etc/passwd would cause other problems as well. > > A similar problem arises from case where a uid is not in /etc/passwd. > > What system are you using which doesn't allow access to /etc/passwd? Not > having one would cause problems for a lot of UNIX command tools. > It is the part of our security settings, /etc/passwd simply contains logins of our customers so it's a good idea to hide it where it's not needed. Apache has access to it all the time except from the moment when it starts to run user code (it simply changes hat to more restrictive one using Apparmor and mod_apparmor). I was able to successfully run Python CGI scripts using this handler script: #!/usr/bin/python -S import os os.environ["HOME"] = "NULL" import site execfile(os.environ["PATH_TRANSLATED"]) I would like to do something similar with mod_wsgi - i don't see a reason why mod_wsgi would not allow me to run it with '-S' or setting environmental variables (i tried to set it inside Apache with SetEnv but with no luck). We are giving access to all software only to files which they really need and use and /etc/passwd is really not needed in this case - Apache, Python and wsgi is able to perfectly run without it. -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/modwsgi. For more options, visit https://groups.google.com/d/optout.
