mod_wsgi 工作目录和用户 [英] mod_wsgi working directory and user

问题描述

我在 mod_wsgi 上运行 Flask.我在 /var/www/app 上的 Flask 应用程序接收来自用户的一些文件并将其保存到 /var/www/app/tmp 目录.然而，即使在所有 chmod 和 chown(认为这是一个权限问题)之后，我还是无法访问那个 tmp 目录.

I'm running flask on mod_wsgi. my flask app, which is on /var/www/app receives some file from user and saves it to /var/www/app/tmp directory. However even after all chmod and chown(thought it was a permission problem), I was unable to reach that tmp directory.

经过一些调试我发现flask应用程序的当前工作目录是/.我可以通过 os.chdir('/var/www/') 更改工作目录，但出于安全考虑，我想避免这样做.

After some debugging I found out that the current working directory of the flask app is /. I can change working directory by os.chdir('/var/www/'), but I'd like to avoid that for security concerns.

这是我的 apache 配置:

here is my apache configuration:

<VirtualHost *:80>
    ServerName mysite.com
    ServerAlias site.com
    ServerAdmin admin@localhost

    WSGIDaemonProcess app user=www-data group=www-data processes=1
    WSGIScriptAlias / /var/www/app.wsgi

    Alias /static /var/www/app/static

    <Directory /var/www/app>
        WSGIProcessGroup app
        WSGIApplicationGroup %{GLOBAL}
        WSGIScriptReloading On
        Order deny,allow
        Allow from all
    </Directory>

    <Location "/static">
        SetHandler None
    </Location>

</VirtualHost>

如何将我的应用程序的工作目录从 / 更改为 /var/www ?

How can I change working directory of my app from / to /var/www ?

推荐答案

文档WSGIDaemonProcess 说你可以使用 home=... 节:

The documentation for WSGIDaemonProcess says you can use the home=... stanza:

home=directory

定义一个目录的绝对路径，它应该用作守护进程的初始当前工作目录进程组.如果未定义此选项，则在 mod_wsgi 1.X 中Apache 父进程的当前工作目录将是由进程组内的守护进程继承.一般Apache 父进程的当前工作目录将是根目录.在 mod_wsgi 2.0+ 中，初始当前工作目录将被设置为用户的主目录守护进程运行为.

Defines an absolute path of a directory which should be used as the initial current working directory of the daemon processes within the process group. If this option is not defined, in mod_wsgi 1.X the current working directory of the Apache parent process will be inherited by the daemon processes within the process group. Normally the current working directory of the Apache parent process would be the root directory. In mod_wsgi 2.0+ the initial current working directory will be set to be the home directory of the user that the daemon process runs as.

不过，我很好奇——在您看来，为什么使用 os.chdir 会带来更多安全风险?

I'm curious, though -- why would using os.chdir be any more of a security risk in your opinion?

这篇关于mod_wsgi 工作目录和用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！