Thanks, Graham, that works perfectly. I really appreciate your help. I'm now working on setting things up so that each student can deploy a Flask application using WSGI. Wish me luck!
Scott

On Wed, Sep 21, 2016 at 11:27 PM, Graham Dumpleton <[email protected]> wrote:

> On 22 Sep 2016, at 12:49 PM, Scott D Anderson <[email protected]> wrote:
>
> I'm now able to successfully run my script as a user other than Apache,
> thanks to Graham's help. I now want to replicate the "suexec" aspect of CGI
> and allow different scripts to run as different users. (I don't necessarily
> need Apache to "su" to the script's owner; I'm willing to hard-code that.)
>
> I created an Apache .conf file to set up two scripts with different users.
> (The two scripts are identical; they just have different names):
>
> LogLevel info
>
> # My thanks to Graham Dumpleton for this addition
> WSGISocketPrefix /var/run/wsgi
>
> WSGIScriptAlias /scottapp /home/anderson/public_html/myapp-scott.wsgi
> WSGIDaemonProcess scottapp *user=anderson*
> WSGIProcessGroup scottapp
>
> WSGIScriptAlias /cs304app /home/anderson/public_html/myapp-cs304.wsgi
> WSGIDaemonProcess cs304app *user=cs304*
> WSGIProcessGroup cs304app
>
> Both urls are running as the "cs304" user; neither runs as "anderson". So,
> it seems the second value overwrote the first, and that there can be only
> one value for WSGIDaemonProcess. Is that right? I've read and re-read the
> docs on WSGIDaemonProcess and WSGIProcessGroup, and I can't be sure.
>
> Is there a way to get the behavior I want, where I can have each allowed
> user to run their script as their personal UID, instead of as Apache?
>
>
> Use:
>
> WSGIDaemonProcess scottapp user=anderson
> WSGIScriptAlias /scottapp /home/anderson/public_html/myapp-scott.wsgi process-group=scottapp
>
> WSGIDaemonProcess cs304app user=cs304
> WSGIScriptAlias /cs304app /home/anderson/public_html/myapp-cs304.wsgi process-group=cs304app
>
> If you set WSGIProcessGroup in same context, the last one will win. You
> would either need to qualify it with a Location/Directory directive, or
> just use those options on WSGIScriptAlias to force it to use that daemon
> process group. The WSGIDaemonProcess directive for a group must come before
> WSGIScriptAlias using it when doing that.
>
> Graham
>
> --
> You received this message because you are subscribed to the Google Groups
> "modwsgi" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/group/modwsgi.
> For more options, visit https://groups.google.com/d/optout.

--
Scott D. Anderson
Computer Science Department
Wellesley College
[email protected]
[email protected]
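Added example, not part of the original thread and not mod_wsgi's own code: a small check that applies the two rules from Graham's reply (the last WSGIProcessGroup in a context wins; a `process-group=` option needs its WSGIDaemonProcess defined first) to report which user each URL would run as. The names `effective_users` and `APACHE_USER` are hypothetical, and both sample configurations are constructed from the ones quoted above.

```python
# Added example: models only the two rules stated in the thread, for
# directives that all sit in one context (no Location/Directory blocks).
# Constructed sample: the question's config, emphasis asterisks removed.
BROKEN_CONF = """\
WSGIScriptAlias /scottapp /home/anderson/public_html/myapp-scott.wsgi
WSGIDaemonProcess scottapp user=anderson
WSGIProcessGroup scottapp
WSGIScriptAlias /cs304app /home/anderson/public_html/myapp-cs304.wsgi
WSGIDaemonProcess cs304app user=cs304
WSGIProcessGroup cs304app
"""
# Constructed sample: the configuration suggested in the reply.
FIXED_CONF = """\
WSGIDaemonProcess scottapp user=anderson
WSGIScriptAlias /scottapp /home/anderson/public_html/myapp-scott.wsgi process-group=scottapp
WSGIDaemonProcess cs304app user=cs304
WSGIScriptAlias /cs304app /home/anderson/public_html/myapp-cs304.wsgi process-group=cs304app
"""
APACHE_USER = "<apache user>"  # placeholder: no daemon group or no user= given


def effective_users(conf):
    """Return ({url: daemon user}, [problems]) for one configuration context."""
    daemons, aliases, problems, context_group = {}, [], [], None
    for n, line in enumerate(conf.splitlines(), 1):
        parts = line.split("#")[0].split()
        if len(parts) < 2:
            continue
        name, args = parts[0].lower(), parts[1:]  # directive names are case-insensitive
        opts = dict(a.split("=", 1) for a in args if "=" in a)
        if name == "wsgidaemonprocess":
            daemons[args[0]] = opts.get("user", APACHE_USER)
        elif name == "wsgiprocessgroup":
            if context_group is not None:  # last one in the context wins
                problems.append(f"line {n}: WSGIProcessGroup {args[0]} replaces {context_group}")
            context_group = args[0]
        elif name == "wsgiscriptalias":
            group = opts.get("process-group")
            if group and group not in daemons:  # daemon must be defined first
                problems.append(f"line {n}: process-group={group} precedes its WSGIDaemonProcess")
            aliases.append((args[0], group))
    users = {url: daemons.get(group or context_group, APACHE_USER) for url, group in aliases}
    return users, problems


if __name__ == "__main__":
    for label, conf in (("question", BROKEN_CONF), ("reply", FIXED_CONF)):
        print(label, *effective_users(conf), sep="\n  ")
```

Run against the question's configuration, it maps both URLs to `cs304`, matching the behaviour Scott observed; the reply's configuration yields one user per application.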
