Graham, Thanks a lot for the prompt reply.

On Sunday, April 26, 2020 at 11:05:16 PM UTC-4, Graham Dumpleton wrote:
>
> And did you do anything to configure SELinux to allow httpd access as logs point out is the problem?
>

I found this --> https://serverfault.com/questions/626610/selinux-preventing-apache-from-writing-to-a-file

I did not understand this facet at all, and it did work when I tried it out.

> BTW, giving write access to others, ie.,
>
> -rwxrwxrwx. 1 apache apache 4 Apr 26 20:35 openme
>
> is bad security practice.
>

Right -- I should have added that I was just proving that the security should have allowed it under just about any circumstances.

>
> It actually looks like you did 'chmod -r 0777 .' You should never blindly give rwx permissions recursively to directories as it changes permissions on files to stuff they don't need.
>
>
> What I suggest you do if you are just starting out is to not configure your system Apache at all. Instead use mod_wsgi-express and run it on a non privileged port out of your own home directory.
>
> https://pypi.org/project/mod-wsgi/
> http://blog.dscpl.com.au/2015/04/introducing-modwsgi-express.html
>
> Worry about using system Apache much later when you actually have a need to permanently deploy it and must use system Apache.
>

I took a look at this and like the idea. When I issued the command "mod_wsgi-express-3 start-server jsss.wsgi " it started right up surprisingly. Nice.

I actually need a fullblown production system pretty soon and it is starting to look like I might get past the permission difficulty, so I think I will continue with the full blown server. My program above is just a little mock up -- I've got a big one staged to go. Mostly I have been a mainframe developer so I am just learning finally a lot of the server stuff.

Mike Archbold

> Graham
>
> On 27 Apr 2020, at 12:51 pm, Mike Archbold <[email protected]> wrote:
>
> Hi,
>
> I have tried to understand the prior problems -- sorry, I can't figure it out from the priors. I'm a newbie to mod_wsgi and Apache trying to create a python server. I'm self-taught but totally stuck... thanks guys, at a dead end. It is something I am clueless about.
>
> ---------------------------------------
>
> *** This is the guts of the config.d file:
>
>
> Listen 80
> <VirtualHost *:80>
>     DocumentRoot "/var/www/jsss/html"
>     ServerName localhost:80
>
>
>     WSGIDaemonProcess jsss processes=1 threads=1 display-name=%{GROUP} user=apache group=apache
>     WSGIProcessGroup jsss
>
>     WSGIScriptAlias / /var/www/jsss/jsss.wsgi
>
>     <Directory /var/www/jsss/>
>         Options All
>         Require all granted
>     </Directory>
>
>
>
> </VirtualHost>
>
> ---------------------------------------------------------------
>
> *** This is my main program, a single line, called from Apache, jsss_wsgi:
>
>
> from jsss_flask_rest import app as application
>
> ---------------------------------------------------------------
>
> *** this is the jsss_flask_rest program called from the single line jsss_wsgi:
>
>
> from flask import Flask, request
> from flask_restful import Resource, Api
> import subprocess
> import sys
> import base64
> import os
> import getpass
>
> app = Flask(__name__)
> api = Api(app)
>
> class jsss(Resource):
>     def get(self):
>
>         f = open("/var/www/jsss/openme","r+")  # <<<--- dies right here
>
>         username = getpass.getuser()
>
>         stdout_data = username
>
>         return {"output>": stdout_data}
>
>
> api.add_resource(jsss, '/jsss')
>
> if __name__ == '__main__':
>     app.run()
>
> ---------------------------------------------------------------
>
> *** these are the permissions I set up for the test "openme" file. The apache should have read access to root.
>
> -rwxrwxrwx. 1 apache apache 4 Apr 26 20:35 openme
>
>
> ---------------------------------------------------------------
>
> *** error from apache:
>
> File "/usr/lib64/python3.6/site-packages/jsss_flask_rest.py", line 17, in get
> [Sun Apr 26 22:01:31.063590 2020] [wsgi:error] [pid 14886:tid 140318833870592] [remote ::1:37856] f = open("/var/www/jsss/openme","r+")
> [Sun Apr 26 22:01:31.063592 2020] [wsgi:error] [pid 14886:tid 140318833870592] [remote ::1:37856] PermissionError: [Errno 13] Permission denied: '/var/www/jsss/openme'
>
> -----------------------------------------------------------
>
> *** error from Linux:
>
> 22:01:34 setroubleshootd: SELinux is preventing /usr/sbin/httpd from write access on the file openme.
>
> ***** Plugin httpd_write_content (92.2 confidence) suggests ***************
>
> If you want to allow httpd to have write access on the openme file
> Then you need to change the label on 'openme'
> Do
> # semanage fcontext -a -t httpd_sys_rw_content_t 'openme'
> # restorecon -v 'openme'
>
> ***** Plugin catchall_boolean (7.83 confidence) suggests ******************
>
> If you want to allow httpd to unified
> Then you must tell SELinux about this by enabling the 'httpd_unified' boolean.
>
> Do
> setsebool -P httpd_unified 1
>
> ***** Plugin catchall (1.41 confidence) suggests **************************
>
> If you believe that httpd should be allowed write access on the openme file by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # ausearch -c 'httpd' --raw | audit2allow -M my-httpd
> # semodule -X 300 -i my-httpd.pp
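
An added example, not part of the thread and not mod_wsgi code: a short Python check that evaluates the file mode bits and the SELinux label as two separate layers, which is why mode 0777 did not help in the case above. The uid/gid 48 for apache, the sample label, and treating only httpd_sys_rw_content_t as httpd-writable are assumptions of this example.

```python
import os
import stat

# Simplified assumption: only the type named in the setroubleshoot message
# above is treated as writable by a confined httpd process.
HTTPD_WRITABLE_TYPES = {"httpd_sys_rw_content_t"}


def selinux_type(context):
    """Return the type field of a 'user:role:type:level' context string."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {context!r}")
    return parts[2]


def dac_allows_write(mode, file_uid, file_gid, proc_uid, proc_gids):
    """Owner/group/other check for the write bit (root override not modelled)."""
    if proc_uid == file_uid:
        return bool(mode & stat.S_IWUSR)
    if file_gid in proc_gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def diagnose_write(mode, file_uid, file_gid, context, proc_uid, proc_gids):
    """Say which layer, if any, refuses a write by the httpd process."""
    if not dac_allows_write(mode, file_uid, file_gid, proc_uid, proc_gids):
        return "denied by file mode (DAC)"
    if selinux_type(context) not in HTTPD_WRITABLE_TYPES:
        return "denied by SELinux label (MAC)"
    return "allowed"


def read_live(path):
    """Collect the same inputs from a real file on an SELinux-enabled host."""
    st = os.stat(path)
    raw = os.getxattr(path, "security.selinux")  # bytes, usually NUL-terminated
    return st.st_mode, st.st_uid, st.st_gid, raw.rstrip(b"\0").decode()


# Constructed sample: the thread shows the mode and owner of 'openme' but not
# its label, so uid/gid 48 and this context are assumed values.
APACHE = 48
SAMPLE = (0o100777, APACHE, APACHE, "unconfined_u:object_r:httpd_sys_content_t:s0")

if __name__ == "__main__":
    print(diagnose_write(*SAMPLE, proc_uid=APACHE, proc_gids={APACHE}))
```

On a live host, `diagnose_write(*read_live(path), proc_uid, proc_gids)` runs the same check against the real mode and label.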
