uWSGI Emperor权限被拒绝,除非root [英] uWSGI Emperor Permission Denied unless root
问题描述
我尝试使用二进制文件本身的标志(--uid www-data --gid www-data)并将其设置在我的配置中:
I've tried using the flags on the binary itself (--uid www-data --gid www-data) and setting it in my config:
uid = www-data
gid = www-data
但是套接字始终是使用我正在使用的帐户生成的,所以我收到nginx的权限被拒绝错误.
but the socket is always spawned with the account I'm working with, so i'm getting a permission denied error from nginx.
有人知道这是为什么吗?
Anyone know why this is?
其他问题:有人知道用户在哪里设置了nginx和uwsgi吗?我有一台一直在工作的服务器,并且在任何配置文件中都没有设置uid或gid,但是一切都使用了www-data.
Additional question: Does anyone know where nginx and uwsgi have the user set? I have another server which has been working forever, and it does not have uid or gid set in any of the config files, yet everything is using www-data as it should.
答案显然,如果您按照我的尝试从终端启动服务,即(user @ server:〜/$ uwsgi --uid www-data --gid www-data) ,它将始终由调用它的用户启动并运行,这解释了为什么我觉得它没有遵循我的uid和gid标志.当我按如下所述运行它时,它确实以正确的用户/组www-data运行.
ANSWER Apparently if you start the service from the terminal as I was trying to do, ie (user@server:~/$ uwsgi --uid www-data --gid www-data), it will always start and run with the user who called it which explains why I felt it wasn't obeying my uid and gid flags. When i run it as mentioned below, it does run with the correct user/group, www-data.
已更新
正如您所说的,我正在启动uWSGI,"sudo服务uwsgi start"应该触发该文件(/etc/init/uwsgi.conf):
I'm starting uWSGI as you have said, "sudo service uwsgi start" which should be triggering this file (/etc/init/uwsgi.conf):
description "uWSGI"
start on runlevel [2345]
stop on runlevel [06]
respawn
env UWSGI=/home/ccadmin/.local/bin/uwsgi
env LOGTO=/var/log/uwsgi/emperor.log
exec $UWSGI --master --emperor /etc/uwsgi/vassals --die-on-term --uid www-data --gid www-data --logto $LOGTO
但是在这种配置下,我的emperor.log文件显示:
However with this configuration my emperor.log file says:
execvp(): Permission denied [core/emperor.c line 1481]
[emperor] binary path: /home/ccadmin/.local/bin/uwsgi
[emperor] is the uwsgi binary in your system PATH ?
TIME STAMP - [emperor] curse the uwsgi instance cc_uwsgi.ini (pid: ####)
TIME STAMP - [emperor] removed uwsgi instance cc_uwsgi.ini
如果我将--uid和--gid更改为root,则一切正常.它一定是一些简单的权限,但是对于linux来说,这是很陌生的,我发现很难查明.
If I change the --uid and --gid to root, then it all works fine. It must be some simple permission thing, but being new to linux, I'm finding it very hard to pinpoint.
奇怪的是,它正在向我询问我的系统路径中的uwsgi二进制文件...应该存在吗?因为我已经将/home/ccadmin/.local/bin添加到/etc/environment中的系统路径中.不应该在那里吗?还是应该一直到二进制文件? (即,将/home/ccadmin/.local/bin/uwsgi insetad刚添加到/bin)
Also strange that it is asking me about the uwsgi binary in my system path... is it supposed to be there? Because i have added /home/ccadmin/.local/bin to my system path in /etc/environment. Should it not be there? or should it go all the way to the binary? (ie, adding /home/ccadmin/.local/bin/uwsgi insetad of just to /bin)
推荐答案
暴君模式(安全的多用户托管)
Tyrant mode (secure multi-user hosting)
在暴君"模式下,皇帝将使用其配置文件的UID/GID运行附庸国...
In Tyrant mode the Emperor will run the vassal with the UID/GID of its configuration file...
http://uwsgi-docs.readthedocs.org/en/latest/Emperor.html#tyrant-mode-secure-multi-user-hosting
我以前没有使用皇帝模式.希望能对您有所帮助.
I didn't use emperor mode before. Hope that can help.
这篇关于uWSGI Emperor权限被拒绝,除非root的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
