CODEWITHSUNDEEP
pythondjangoapacheapache2redhat
user2194805
user2194805

Reputation: 1379

Python + Django run under a different user on apache2 (httpd), Redhat

i' ve a django application binded to httpd (apache2) on Red hat, and it works well however i' d like to run it under a different username than apache, so if it writes to the filesystem the file' s owner should be newuser. I' m looking for a solution to achieve this.

I tried to use httpd-itk (after this: http://www.webtatic.com/packages/httpd-itk/), but it complains about:

permission denied: mod_wsgi (pid=31322): Unable to connect to WSGI daemon process
'myapp.djangoserver' on '/var/run/wsgi.31085.0.1.sock' after multiple attempts.

After resolving this (by giving 777 permission for test for the file) i still have apache as the file' s owner.

My conf file looks like this:

<VirtualHost *:80>

    ServerName myapp
    ServerAlias myapp 
    DocumentRoot /usr/share/myapp

    <Directory /usr/share/myapp>
        Order allow,deny
        Allow from all
    </Directory>

    WSGIDaemonProcess syntyma.djangoserver processes=10 threads=20 display-name=%{GROUP}
    WSGIProcessGroup myapp.djangoserver

    WSGIScriptAlias / /usr/share/myapp/apache/django.wsgi
    CustomLog logs/myapp-access.log combined
    ErrorLog logs/myapp-error.log

    LogLevel debug
    AssignUserId newuser newuser

</VirtualHost>
WSGISocketPrefix /var/run/wsgi

, and the created testfile:

ls -l /tmp/ggg
-rw-r--r-- 1 apache apache 3 Sep  6 09:46 /tmp/ggg

.

How could i reach my goal with htttpd-itk or any other solution, like some suEXEC, or similar?

Thanks.

Upvotes: 2

Views: 2232

Answers (1)

Paulo Almeida
Paulo Almeida

Reputation: 8071

WSGIDaemonProcess has a user parameter for the user under which the daemon processes will run. In your case:

WSGIDaemonProcess syntyma.djangoserver user=newuser processes=10 etc...

From the documentation:

user=name | user=#uid.rst

Defines the UNIX user name or numeric user uid of the user that the daemon processes should be run as. If this option is not supplied the daemon processes will be run as the same user that Apache would run child processes and as defined by the User directive.

Note that this option is ignored if Apache wasn’t started as the root user, in which case no matter what the settings, the daemon processes will be run as the user that Apache was started as.

Also be aware that mod_wsgi will not allow you to run a daemon process group as the root user due to the security risk of running a web application as root.

Upvotes: 5

Related Questions