Using mod_wsgi with mpm_itk: socket permission issue

Posted by djechelon on Server Fault See other posts from Server Fault or by djechelon
Published on 2012-10-05T08:11:23Z Indexed on 2012/10/05 9:39 UTC
Read the original article Hit count: 335

I'm using mod_itk as MPM for increased security in shared environment. I also have a Firefox Sync Server within one of the VHosts I host. That vhost is restricted to a certain user via AssignUserId user group.

The problem is that the socket /var/run/wsgi...whatever.sock is chmodded srwx------ and owned by Apache's wwwrun. While I configured the vhost with

WSGIProcessGroup sync
WSGIDaemonProcess sync user=djechelon group=djechelon processes=1 threads=5

I still get the error that Apache wants to access a socket that is not accessible and because of this gets an error.

Is it possible to configure mod_wsgi in order to create different sockets with different owners for different applications or to chmod its socket in a different way (less secure)?

Currently, I'm running Firefox Sync as the only WSGI application. Moving it to a vhost that doesn't AssignUserId could solve this problem but will force me to change URL (and buy an additional SSL certificate), so I wouldn't consider this

© Server Fault or respective owner

Related posts about apache2

Related posts about permissions