1

I'm trying to setup my Django app to use uWSGI and Nginx. I'm following this tutorial: http://uwsgi-docs.readthedocs.org/en/latest/tutorials/Django_and_nginx.html

I'm on the "Using Unix sockets instead of ports" step. I tried doing

uwsgi --socket mysite.sock --wsgi-file test.py

but it didn't work (as the tutorial suspected). I looked at

/var/log/nginx/error.log

and it said

2015/05/11 00:20:17 [crit] 1964#0: *13 connect() to unix:///home/a/Documents/CMS/CMS.sock failed (13: Permission denied) while connecting to upstream, client: 127.0.0.1, server: 192.168.174.131, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:///home/a/Documents/CMS/CMS.sock:", host: "127.0.0.1:8000"

When I do

uwsgi --socket mysite.sock --wsgi-file test.py --chmod-socket=666

it works, but when I do

uwsgi --socket mysite.sock --wsgi-file test.py --chmod-socket=664

it gives the "Permission Denied" error again. The tutorial said "You may also have to add your user to nginx’s group (which is probably www-data), or vice-versa, so that nginx can read and write to your socket properly." My superuser for Ubuntu is 'customUser'. I did

sudo usermod -a -G www-data  customUser

to add the user to the www-data group. I then placed this in my CMS_uwsgi.ini file (located in my Django project's folder):

[uwsgi]

# Django-related settings
# the base directory (full path)
chdir           = /home/a/Documents/CMS
# Django's wsgi file
module          = CMS.wsgi
# the virtualenv (full path)
home            = /home/a/.virtualenvs/CMS

# process-related settings
# master
master          = true
# maximum number of worker processes
processes       = 10
# the socket (use the full path to be safe
socket          = /home/a/Documents/CMS/CMS.sock

uid = customUser
gid = www-data
# ... with appropriate permissions - may be needed
chmod-socket    = 664
# clear environment on exit
vacuum          = true

but it still gave me a "Permission Denied" error when I did:

uwsgi --ini CMS_uwsgi.ini

I also tried changing my CMS_uwsgi.ini file to:

uid = www-data
gid = www-data
# ... with appropriate permissions - may be needed
chmod-socket    = 664

but it still returns the "Permission Denied" error. Any idea why?

Note that the tutorial mentioned "You may also have to add your user to nginx’s group (which is probably www-data), OR VICE-VERSA". I added my user to www-data, but I don't know what the "vise-versa" part is.

user2719875
  • 129
  • 1
  • 7
  • 2
    Tutorial means either you add `customUser` to `www-data` group or add `www-data` user to `customUser`'s primary group (in most cases it has the same name, i.e. `customUser`. – jollyroger May 11 '15 at 08:14
  • @jollyroger okay so adding www-data to customUser's primary group solved the issue, so thanks! I have a quick question though, how can I check what access users of the "customUser" group get? Because I don't want www-data to have the ability of a superuser. I just want www-data to have read and write access to the socket. – user2719875 May 11 '15 at 17:08
  • In most cases user has umask `022` that means other users are treated the same as primary group users, so there should be no additional security threats. But beware that in your case `www-data` user _could_ possibly have additional rights in case some file has less restrictive group permissions (like `664` for socket file). I'm not sure about why your first approach didn't work so I haven't answered but commented. If you are satisfied with it, I could move them to answer section so you could accept it as a valid answer. – jollyroger May 11 '15 at 18:06

0 Answers0