Using mod_wsgi with mpm_itk: socket permission issue
Posted
by
djechelon
on Server Fault
See other posts from Server Fault
or by djechelon
Published on 2012-10-05T08:11:23Z
Indexed on
2012/10/05
9:39 UTC
Read the original article
Hit count: 335
I'm using mod_itk
as MPM for increased security in shared environment. I also have a Firefox Sync Server within one of the VHosts I host. That vhost is restricted to a certain user via AssignUserId user group
.
The problem is that the socket /var/run/wsgi...whatever.sock
is chmodded srwx------
and owned by Apache's wwwrun
. While I configured the vhost with
WSGIProcessGroup sync
WSGIDaemonProcess sync user=djechelon group=djechelon processes=1 threads=5
I still get the error that Apache wants to access a socket that is not accessible and because of this gets an error.
Is it possible to configure mod_wsgi in order to create different sockets with different owners for different applications or to chmod its socket in a different way (less secure)?
Currently, I'm running Firefox Sync as the only WSGI application. Moving it to a vhost that doesn't AssignUserId
could solve this problem but will force me to change URL (and buy an additional SSL certificate), so I wouldn't consider this
© Server Fault or respective owner