I'm new to WSGI, but I have a lot of experience with CGI/Python using suexec on RHEL/CentOS 6.8, Apache 2.2. In the past, I've use suexec so that each of my students can run their code as their own UID. I'm hoping to replicate that behavior with WSGI.
I followed the tutorial and directions by Graham Dumpleton here: http://modwsgi.readthedocs.io/en/develop/getting-started.html Things went wrong when I got to this page on the WSGI Daemon Process: http://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIDaemonProcess.html My Python script is Graham's example, no fancy framework code (though I'd like to have that someday). I put the following directives into a file (wsgi-test.conf) in /etc/httpd/conf.d/ and restarted Apache: # cat wsgi-test.conf LogLevel info WSGIScriptAlias /myapp /home/anderson/public_html/myapp.wsgi # This works, app runs as Apache. WSGIDaemonProcess myapp # This works, but still runs as Apache #WSGIDaemonProcess myapp user=anderson # adding this to either daemon process results in a error 503: Service Temporarily Unavailable WSGIProcessGroup myapp As the comments say, if I omit the ProcessGroup directive, the script runs correctly, but runs as Apache (uid=48), which is to be expected. Here's the relevant part of the documentation: To delegate a particular WSGI application to run in a named set of daemon > processes, the WSGIProcessGroup directive should be specified in > appropriate context for that application. If WSGIProcessGroup is not used, > the application will be run within the standard Apache child processes. > Okay, if I add in the WSGIProcessGroup directive, I get the 503 error. The logs say: [Wed Sep 21 17:11:24 2016] [error] [client 149.130.194.56] (13)Permission denied: mod_wsgi (pid=27897): Unable to connect to WSGI daemon process 'myapp' on '/etc/httpd/logs/wsgi.26136.4.1.sock' after multiple attempts. Here's the file it's complaining about: # ls -l /etc/httpd/logs/wsgi.26136.4.1.sock srwx------. 1 apache root 0 Sep 21 16:56 /etc/httpd/logs/wsgi.26136.4.1.sock Note that Apache is started as root, which I believe is necessary for the switching of uid: # ps -ef | grep httpd root 26136 1 0 16:31 ? 00:00:00 /usr/sbin/httpd apache 27889 26136 0 16:56 ? 00:00:00 /usr/sbin/httpd apache 27890 26136 0 16:56 ? 00:00:00 /usr/sbin/httpd apache 27891 26136 0 16:56 ? 00:00:00 /usr/sbin/httpd ... I noticed in the documentation that examples of WSGIProcessGroup often specify a virtual host name, but I don't have to create a virtual host, do I? At this point, I'm out of ideas. I'd appreciate any help. Thanks, Scott D. Anderson [email protected] -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/modwsgi. For more options, visit https://groups.google.com/d/optout.
