search

Copterfly / modwsgi

Automatically exported from code.google.com/p/modwsgi
0 stars 0 forks source link

permission troubles #17

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
user and group stuff does not work correctly. It does something, but not
enough as it seems:

What steps will reproduce the problem?
1. WSGIDaemonProcess localhost user=tw group=tw
2. restart apache2
3. moin can not access stuff although it is tw.tw owned
4. chmod stuff to www-data.www-data and it works

What version of the product are you using? On what operating system?
mod_wsgi 1.0rc1 on Debian Linux etch
apache 2.2.3-4

Apache is started by root (1 apache2 process shows in ps aux with owner
root, others with owner www-data, 1 other with owner tw).

Original issue reported on code.google.com by Thomas.J...@gmail.com on 28 Jul 2007 at 8:40

GoogleCodeExporter commented 9 years ago 
s/chmod/chown/

Original comment by Thomas.J...@gmail.com on 28 Jul 2007 at 8:42

GoogleCodeExporter commented 9 years ago 
a trivial wsgi app that outputs uid, gid, euid and egid, gives: 33 33 33 33

33 == www-data (not tw)

Original comment by Thomas.J...@gmail.com on 28 Jul 2007 at 10:15

GoogleCodeExporter commented 9 years ago 
What user does the main Apache parent process run as?

Are you running any sort of SELinux functionality?

The uid/gid functionality depends on Apache parent being started as root. If 
Apache
isn't being started as root, then it will not be possible for the daemon 
processes to
be switched to the indicated uid/gid.

It is not known at this point how SELinux may affect this. If SELinux means that
Apache isn't started as root, then same issue would apply.

Original comment by Graham.Dumpleton@gmail.com on 28 Jul 2007 at 10:19

GoogleCodeExporter commented 9 years ago 
Sorry, I have overlooked that one needs to use WSGIProcessGroup directive.

Maybe adding some hint ABOVE the options of WSGIDaemonProcess would help like 
You
must use the WSGIProcessGroup to assign to this daemon process.

Original comment by Thomas.J...@gmail.com on 28 Jul 2007 at 10:53

GoogleCodeExporter commented 9 years ago 
In the Configuration Guidelines documentation it already says:

"""To denote that a daemon process should be created the WSGIDaemonProcess 
directive
is used. The WSGIProcessGroup directive is then used to delegate specific WSGI
applications to execute within that daemon process."""

In the Configuration Directives documentation where WSGIDaemonProcess is 
described it
already says:

"""To delegate a particular WSGI application to run in a named set of daemon
processes, the WSGIProcessGroup directive should be specified in appropriate 
context
for that application. If WSGIProcessGroup is not used, the application will be 
run
within the standard Apache child processes."""

Original comment by Graham.Dumpleton@gmail.com on 28 Jul 2007 at 11:01

GoogleCodeExporter commented 9 years ago 
Yeah, I have read this (after wondering for quite a while). It works now.

So the suggestion is just to talk about this earlier, not after describing a 
page of
misc. options. If a very clear hint would have been in the first few paragraphs 
of
WSGIDaemonProcess, it would have saved me some time.

Original comment by Thomas.J...@gmail.com on 28 Jul 2007 at 11:05

GoogleCodeExporter commented 9 years ago 
Problem due to configuration problem. Configuration Directives documentation 
updated
though to mention WSGIProcessGroup earlier in conjunction with description of 
feature.

Original comment by Graham.Dumpleton@gmail.com on 28 Jul 2007 at 11:28