> I was trying to debug an issue yesterday so I wanted to remove nginx from > the equation. I downloaded the latest version of uwsgi (0.9.6.5) and tried > the new -http option. I normally launch with sudo and then set the uid and > gid to a user called 'hats' like so: > > $ sudo /usr/local/bin/uwsgi --http 123.123.123.123:8000 -x > /var/hats/releases/current/hats/uwsgi.xml -H > /var/hats/releases/current/hats --uid hats --gid hats > [sudo] password for poswald: > [uWSGI] parsing config file /var/hats/releases/current/hats/uwsgi.xml > *** Starting uWSGI 0.9.6.5 (64bit) on [Fri Dec 10 03:43:28 2010] *** > compiled with version: 4.4.1 > Python version: 2.6.4 (r264:75706, Dec 7 2009, 18:59:58) > [GCC 4.4.1] > uWSGI running as root, you can use --uid/--gid/--chroot options > setgid() to 1001 > setuid() to 104 > *** WARNING: you are running uWSGI without its master process manager *** > your memory page size is 4096 bytes > binding on TCP port: 8000 > using 1291952608_9325.sock as uwsgi protocol socket > starting HTTP loop on dev03 (pid: 9325) > allocated 640 bytes (0 KB) for 1 request's buffer. > Setting PythonHome to /var/hats/releases/current/hats... > binding on UNIX socket: 1291952608_9325.sock > bind(): Permission denied [socket.c line 48] > closing uWSGI embedded HTTP server. > > $ uwsgi --version > uWSGI 0.9.6.5 > > > > If I remove the --uid option it works correctly. It seems like it creates > the socket, drops to a different user, and then can't connect to the > socket. I tried adding the -C option but that didn't help either. Is this > expected behavior?
Yes it is the expected behaviour but i do not know if it is the right behaviour :) If yoy do not specify a --socket/-s option in http mode, it will bind to a randomize-named unix socket that must have write permission on the current directory. In your case (after the setuid()) you do not have those privileges. If you add something like --socket /tmp/mysock.sock the problem should disappear (you can even use tcp socket) Probably i should add an option (like --chdir2 that chdir() later than --chdir) that will bind sockets before setuid() -- Roberto De Ioris http://unbit.it _______________________________________________ uWSGI mailing list [email protected] http://lists.unbit.it/cgi-bin/mailman/listinfo/uwsgi
