I'm new to WSGI, but I have a lot of experience with CGI/Python using 
suexec on RHEL/CentOS 6.8, Apache 2.2.  In the past, I've use suexec so 
that each of my students can run their code as their own UID.  I'm hoping 
to replicate that behavior with WSGI.

I followed the tutorial and directions by Graham Dumpleton 
here: http://modwsgi.readthedocs.io/en/develop/getting-started.html 

Things went wrong when I got to this page on the WSGI Daemon 
Process: 
http://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIDaemonProcess.html

My Python script is Graham's example, no fancy framework code (though I'd 
like to have that someday). 

I put the following directives into a file (wsgi-test.conf) in 
/etc/httpd/conf.d/ and restarted Apache:

# cat wsgi-test.conf

LogLevel info

WSGIScriptAlias /myapp /home/anderson/public_html/myapp.wsgi


# This works, app runs as Apache. 

WSGIDaemonProcess myapp


# This works, but still runs as Apache

#WSGIDaemonProcess myapp user=anderson


# adding this to either daemon process results in a error 503: Service 
Temporarily Unavailable

WSGIProcessGroup myapp


As the comments say, if I omit the ProcessGroup directive, the script runs 
correctly, but runs as Apache (uid=48), which is to be expected. Here's the 
relevant part of the documentation:


To delegate a particular WSGI application to run in a named set of daemon 
> processes, the WSGIProcessGroup directive should be specified in 
> appropriate context for that application. If WSGIProcessGroup is not used, 
> the application will be run within the standard Apache child processes.
>

Okay, if I add in the WSGIProcessGroup directive, I get the 503 error. The 
logs say:


[Wed Sep 21 17:11:24 2016] [error] [client 149.130.194.56] (13)Permission 
denied: mod_wsgi (pid=27897): Unable to connect to WSGI daemon process 
'myapp' on '/etc/httpd/logs/wsgi.26136.4.1.sock' after multiple attempts.


Here's the file it's complaining about:


# ls -l /etc/httpd/logs/wsgi.26136.4.1.sock 

srwx------. 1 apache root 0 Sep 21 16:56 /etc/httpd/logs/wsgi.26136.4.1.sock


Note that Apache is started as root, which I believe is necessary for the 
switching of uid:


# ps -ef | grep httpd

root     26136     1  0 16:31 ?        00:00:00 /usr/sbin/httpd

apache   27889 26136  0 16:56 ?        00:00:00 /usr/sbin/httpd

apache   27890 26136  0 16:56 ?        00:00:00 /usr/sbin/httpd

apache   27891 26136  0 16:56 ?        00:00:00 /usr/sbin/httpd

...


I noticed in the documentation that examples of WSGIProcessGroup often 
specify a virtual host name, but I don't have to create a virtual host, do 
I?


At this point, I'm out of ideas. I'd appreciate any help.


Thanks,


Scott D. Anderson

scott.ander...@wellesley.edu






-- 
You received this message because you are subscribed to the Google Groups 
"modwsgi" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to modwsgi+unsubscr...@googlegroups.com.
To post to this group, send email to modwsgi@googlegroups.com.
Visit this group at https://groups.google.com/group/modwsgi.
For more options, visit https://groups.google.com/d/optout.

Reply via email to