Cant get permissions right to run uWSGI Emperor

 

I'm having a hell of a time trying to get Ubuntu + uWSGI + nginx running as my web server.

Below are my configs, and the information that is in my emperor.log file:

nginx config: 

server {
    listen        80;
    server_name   localhost;
    charset       utf-8;
    client_max_body_size 5M;

    location / { try_files $uri @cc; }
    location @cc {
        include uwsgi_params;
        uwsgi_pass unix:/tmp/cc/cc_uwsgi.sock;
    }
}

uwsgi config: 

[uwsgi]
base = /srv/www/cc

app = hello
module = %(app)

socket = /tmp/cc/%n.sock

chmod-socket = 664
uid = www-data
gid = www-data

callable = app

logto = /var/log/uwsgi/%n.log

emperor config: 

#/etc/init/uwsgi.conf

description "uWSGI"
start on runlevel [2345]
stop on runlevel [06]
respawn

env UWSGI=/home/ccadmin/.local/bin/uwsgi
env LOGTO=/var/log/uwsgi/emperor.log

exec $UWSGI --master --emperor /etc/uwsgi/vassals --die-on-term --uid www-data --gid www-data --logto $LOGTO

However with this configuration my emperor.log file says: 

execvp(): Permission denied [core/emperor.c line 1481]
[emperor] binary path: /home/ccadmin/.local/bin/uwsgi
[emperor] is the uwsgi binary in your system PATH ?
TIME STAMP - [emperor] curse the uwsgi instance cc_uwsgi.ini (pid: ####)
TIME STAMP - [emperor] removed uwsgi instance cc_uwsgi.ini

If I change the --uid and --gid to root, then it all works fine. It must be some simple permission thing, but being new to linux, I'm finding it very hard to pinpoint.

Also strange that it is asking me about the uwsgi binary in my system path... is it supposed to be there? Because i have added /home/ccadmin/.local/bin to my system path in /etc/environment. Should it not be there? or should it go all the way to the binary? (ie, adding /home/ccadmin/.local/bin/uwsgi insetad of just to /bin)

Did a couple things to make this work: 

sudo chown -R ccadmin:www-data /home/ccadmin/
sudo chmod -R 774 /home/ccadmin/

Now the emperor has access to the uwsgi binary and all is good!

I am curious if the above is a security problem, though, not knowing much about linux.

链接地址: http://www.djcxy.com/p/65940.html

上一篇: UWSGI没有运行Django项目

下一篇: 不能获得运行uWSGI Emperor的权限