search

unbit / uwsgi

uWSGI application server container
http://projects.unbit.it/uwsgi
Other
3.45k stars 691 forks source link

uwsgi permission problem #1624

Closed AnushaY1 closed 6 years ago

AnushaY1 commented 7 years ago

CentOS release 6.5

  1. testcon.conf server { listen 80 default_server; location / { include /etc/nginx/uwsgi_params; uwsgi_pass unix:/var/www/testapp/azureapi.sock; }

}

  1. config.ini

    [uwsgi] socket=/var/www/testapp/azureapi.sock chdir = /var/www/testapp master=true callable = app wsgi-file = /var/www/testapp/test.py plugin = python

[uwsgi]

uid = uwsgi

gid = uwsgi pidfile = /run/uwsgi/uwsgi.pid emperor = /etc/uwsgi.d stats = /run/uwsgi/stats.sock chmod-socket = 660

emperor-tyrant = true

cap = setgid,setuid

commenting uid and emperor-tyrant then only my application working otherwise it is nt working. can anyone explain reason behind that.

thanks

funkybob commented 7 years ago

What is the owner/group of the vassal ini file itself?

AnushaY1 commented 7 years ago

owner/group ---> uwsgi/nginx

config.ini

[uwsgi] socket = /var/www/azure/azureapi.sock chown-socket = uwsgi:nginx chdir = /var/www/azure master=true callable = app plugin = python wsgi-file = /var/www/azure/azure_api.py process = 5 threads = 2 uid = uwsgi gid = nginx

/etc/uwsgi.ini [uwsgi]

uid = uwsgi

gid = nginx pidfile = /run/uwsgi/uwsgi.pid emperor = /etc/uwsgi.d stats = /run/uwsgi/stats.sock chmod-socket = 660

emperor-tyrant = true

cap = setgid,setuid

funkybob commented 7 years ago

And what user/group is nginx running as? Also what owner/group are you seeing on the created socket file?

AnushaY1 commented 7 years ago

nginx running as nginx user socket file - uwsgi/nginx

funkybob commented 7 years ago

Given the emperor isn't opening a socket, not a lot of sense putting the chmod-socket there instead of in the config.ini.

Also, where are you seeing a permissions error? What is reporting it, when trying to access what? I'm guessing it's nginx trying to access the socket file?

AnushaY1 commented 7 years ago

i am facing below error nginx error log 2017/09/04 14:43:31 [error] 2528#0: *2 connect() to unix:/var/www/azure/azureapi.sock failed (111: Connection refused) while connecting to upstream, client: 10.129.140.119, server: , request: "GET /favicon.ico HTTP/1.1", upstream: "uwsgi://unix:/var/www/azure/azureapi.sock:", host: "10.129.135.43", referrer: application directory drwxr-xr-x. 2 uwsgi nginx 4.0K Sep 4 14:43 azure

socket file created srwxrwxrwx 1 uwsgi nginx 0 Sep 4 14:43 azureapi.sock

config.ini [uwsgi] socket = /var/www/azure/azureapi.sock chdir = /var/www/azure master=true callable = app plugin = python wsgi-file = /var/www/azure/azure_api.py process = 5 threads = 2 uid = uwsgi gid = nginx

/etc/uwsgi.ini

[uwsgi] uid = uwsgi gid = nginx pidfile = /run/uwsgi/uwsgi.pid emperor = /etc/uwsgi.d stats = /run/uwsgi/stats.sock chmod-socket = 660 emperor-tyrant = true cap = setgid,setuid

testcon.conf server { listen 80 default_server; location / { include /etc/nginx/uwsgi_params; uwsgi_pass unix:/var/www/azure/azureapi.sock; } }

funkybob commented 7 years ago

In that case what are the permissions for each dir /var/www/azure/ ?

Are they ok to let your nginx process traverse them?

Also,having "chmod-socket" in your emperor ini file is still pointless.

AnushaY1 commented 7 years ago

--> /var/www/azure/

drwxr-xr-x. 8 root root 4.0K Sep 4 14:49 .. -rw-r--r-- 1 uwsgi nginx 21K Sep 4 15:42 azure_api.py srwxrwxrwx 1 root nginx 0 Sep 6 13:12 azureapi.sock drwxr-xr-x. 2 uwsgi nginx 4.0K Sep 6 13:12 .

azureapi.sock socket file is created root user only. if i given uwsgi user ,the socket file is not created. uwsgi running root user

config.ini [uwsgi] socket = /var/www/azure/azureapi.sock chdir = /var/www/azure master=true callable = app plugin = python wsgi-file = /var/www/azure/azure_api.py process = 5 threads = 2 uid = uwsgi gid = nginx

removed chmod-socket in ini file