It seems that mod_wsgi drops root access not quite right

[GoogleCodeExporter]

I've created a small plugin for Trac which helps in a new project setup,
including creation of the corresponding svn repository.
It contains this peace of code, which supposed to call "svnadmin" command
line utility to create the required svn environment:
...
            import subprocess
            res = subprocess.Popen(['svnadmin', 'create', args['svn_dir']],
                                   stdout=subprocess.PIPE,
                                   stderr=subprocess.PIPE)
            out, err = res.communicate()
            if res.returncode != 0:
                raise TracError(html(err), 'CreateProj')
...

I've tried both mod_wsgi 1.3 and svn trunk, geared by standard configured
httpd 2.2.6 on Fedora 8 linux 32bit, which used to be run under the
"apache:apache" account.

The expected behavior is that a new svn repository is silently created.
Instead of that I've got "svnadmin: Can't open file
'/root/.subversion/servers': Permission denied" Trac error message.

Apache's config is as following:
<VirtualHost 10.0.0.122:443>
    ServerName trac:443

    RewriteEngine On

    # forbid access to the root
    RewriteRule ^/$ - [F]

    # check for environment existance
    RewriteCond %{REQUEST_URI} ^/([^/]+)
    RewriteCond /srv/trac/%1/conf/trac.ini !-f
    RewriteRule . - [F]

    # get ProcessGroup and trac.env_path
    RewriteCond %{REQUEST_URI} ^/([^/]+)
#    RewriteRule . - [E=trac.process_group:%1,E=trac.env_path:/srv/trac/%1]
    RewriteRule . - [E=trac.env_path:/srv/trac/%1]

    WSGIScriptAliasMatch ^/([^/]+) /path-to/trac.wsgi

    <Directory /usr/lib/httpd/modules/fortess>
        SSLRequireSSL
        SetEnv HTTPS yes

        Include conf.d/custom_auth
        Require valid-user

        WSGIApplicationGroup %{GLOBAL}
#        WSGIProcessGroup %{ENV:trac.process_group}

        Order deny,allow
        Allow from all
    </Directory>

    CustomLog logs/trac_external_access_log common

    SSLEngine On
    SSLCertificateFile /etc/pki/tls/certs/trac.crt
    SSLCertificateKeyFile /etc/pki/tls/private/trac.key

</VirtualHost>

And trac.wsgi file is:
# -*- coding: utf-8 -*-
from trac.web.main import dispatch_request as application

----
BTW, this did worked normally with mod_python.

Original issue reported on code.google.com by esizi...@gmail.com on 16 Jan 2008 at 9:52

[GoogleCodeExporter]

Nothing to do with mod_wsgi, it is how Apache works and also partly Python's 
fault for trusting value of HOME 
rather than using home directory from password database on UNIX. See section 
'User HOME Environment 
Variable' in:

  http://code.google.com/p/modwsgi/wiki/ApplicationIssues

If you are running mod_wsgi 1.3 or mod_wsgi 2.0 embedded mode, you must 
override HOME environment 
variable to be correct value.

If using mod_wsgi 2.0 and daemon mode, mod_wsgi will fix up what Apache doesn't 
do properly.

Original comment by Graham.Dumpleton@gmail.com on 16 Jan 2008 at 10:48

• Added labels: Type-Other
• Removed labels: Type-Defect

[GoogleCodeExporter]

Graham, you're the best and I'm only the miserable bastard used not to read 
manuals ;)

This issue has been resolved after your grateful help.

Original comment by esizi...@gmail.com on 16 Jan 2008 at 11:55

[GoogleCodeExporter]

Original comment by Graham.Dumpleton@gmail.com on 16 Jan 2008 at 8:17

• Changed state: WontFix