我如何以受限访问用户的身份运行 uWSGI? [英] How do I run uWSGI as a limited-access user?

问题描述

我在 NGINX + uWSGI 中设置了 Django.我能够在我当前登录的用户下正常运行(在 问题 几天前我问过)但现在我想以受限访问用户的身份运行 uwsgi --ini uwsgi.ini.

I have Django setup in NGINX + uWSGI. I'm able to get it running fine under my current logged in user (with help from a question I asked few days back) but now I want to run uwsgi --ini uwsgi.ini as a limited-access user.

这是我到目前为止所做的:
1. 创建了一个没有登录权限和主目录的用户 djangouser.
2. 将用户nginx加入djangouser
组3.将我的django文件放到/mnt/django目录下，将django的文件权限改为drwxrwx--- djangouser djangouser(递归)
4. 更改 conf 文件以匹配文件位置

uwsgi.ini 文件

Here is what I've done so far:
1. Created a user djangouser without login access and without a home directory.
2. Added user nginx into group djangouser
3. Placed my django files into /mnt/django directory and changed file permissions of django to drwxrwx--- djangouser djangouser (recursive)
4. Changed the conf files to match the file locations

uwsgi.ini file

[uwsgi]
chdir=/mnt/django/project/awssite
module=awssite.wsgi
home=/mnt/django/project
master=true
processes=2
uid=djangouser
gid=djangouser
socket=/mnt/django/djangosocket/awssite.socket
chmod-socket
vacuum=true

当我尝试运行 uwsgi --ini uwsgi.ini 时，这是我得到的错误

When I try to run uwsgi --ini uwsgi.ini, this is the error I get

[uWSGI] getting INI configuration from uwsgi.ini
*** Starting uWSGI 2.0.12 (64bit) on [Thu Feb 18 00:18:25 2016] ***
compiled with version: 4.8.3 20140911 (Red Hat 4.8.3-9) on 01 February 2016 04:17:11
os: Linux-4.1.13-19.31.amzn1.x86_64 #1 SMP Wed Jan 20 00:25:47 UTC 2016
nodename: ip-10-200-1-89
machine: x86_64
clock source: unix
detected number of CPU cores: 1
current working directory: /home/ec2-user
detected binary path: /usr/local/bin/uwsgi
!!! no internal routing support, rebuild with pcre support !!!
chdir() to /mnt/django/project/awssite
chdir(): Permission denied [core/uwsgi.c line 2586]
chdir(): Permission denied [core/uwsgi.c line 1608]

注意:当我将登录用户添加到 djangouser 组时，uwsgi --ini uwsgi.ini 运行良好，我能够加载 Django 页面.

Note: When I added my logged in user to djangouser group, uwsgi --ini uwsgi.ini ran fine and I was able to load the django pages.

我不确定还可以在哪里添加权限以允许此操作.在 uwsgi.ini 中添加 sudo chown-socket=djangouser:djangouser 也不起作用.

I'm not sure where else to add permissions to allow this to work. Adding sudo chown-socket=djangouser:djangouser in uwsgi.ini didn't work either.

感谢您的帮助:)

推荐答案

如果你想以特定用户身份运行 uWSGI，只有 2 个选项:

If you want to run uWSGI as particular user, there are only 2 options:

1. 直接从此用户运行uWSGI服务器
2. 以 root 身份运行 uWSGI 并添加 uid 和 gid 选项.

这篇关于我如何以受限访问用户的身份运行 uWSGI?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！