Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: Apache wsgi separate users with virtual hosts |
|
Author |
|
Shaggy1
Joined: 30 Jul 2020 Posts: 11
|
Posted: Sun 20 Oct '24 16:29 Post subject: Apache wsgi separate users with virtual hosts |
|
|
Hi
OS ver:
Code: | $ uname -a
Linux pihomeserver1 5.15.84-v8+ #1613 SMP PREEMPT Thu Jan 5 12:03:08 GMT 2023 aarch64 GNU/Linux |
Code: |
$ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/" |
apache2 ver:
Code: | $ apache2 -V
[Sat Oct 19 15:22:34.885411 2024] [core:warn] [pid 3146] AH00111: Config variable ${APACHE_RUN_DIR} is not defined
apache2: Syntax error on line 81 of /etc/apache2/apache2.conf: DefaultRuntimeDir must be a valid directory, absolute or relative to ServerRoot
Server version: Apache/2.4.54 (Debian)
Server built: 2022-06-09T04:26:43 |
I am running a local webserver on a Raspberry Pi and currently have all config and web files locally on my laptop where the html files and html generation scripts are in /var/www/html.
I am using python wsgi apps to generate the web pages and currently there are a set of common python files in /var/www/html/wsgi-scripts where the root application for each user is also stored. Web site specific files then all go in /var/www/html/<user>.
My intention is to have a site for each user under the username, /var/www/html/jimmy, /var/www/html/bob etc., but I am not sure the best way to go forward as regards file ownership, permissions and the user apache is run as.
At the moment the apache server as a whole is run as www-data (set, I believe, in /etc/apache2/envvars).
I was hoping (or initially thinking/would like) each users web site be owned by that user, but currently any attempt to write/create files in the directory fails because the app is writing as www-data.
Does anyone know if there is a/what the standard way of organising the ownership/permissions for this sort of set up is, or can suggest a good way of organising it ?
I was thinking of having the common file area owned by www-data and somehow how setting up the VirtualHost for each webssite to run as the user who owns the web site. Is that possible ? and if so how would it be done ? |
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7374 Location: Germany, Next to Hamburg
|
Posted: Mon 21 Oct '24 12:05 Post subject: |
|
|
You have to source the ENV vars before doing that.
e.g.
Code: |
source /etc/apache2/envvars
/usr/sbin/apache2ctl -S
| [/code] |
|
Back to top |
|
Shaggy1
Joined: 30 Jul 2020 Posts: 11
|
Posted: Sun 27 Oct '24 13:35 Post subject: |
|
|
> You have to source the ENV vars before doing that.
It was my understanding that the env vars are read automatically by apachectl when it is used to start apace. At least they are all automatically there for me when I start apache. However this does not allow me to specify users for the VirtualHosts / wsgi.
I did some more digging and as far as wsgi processs is concerned noticed that WSGIDaemonProcess has a user= directive which allows you to specify the user the wsgi process is run as. I have tried this and it works for me.
I read that as far as VirtualHost is concerned you should be able to load the mpm-itk module and then use the AssignUserID directive to specify a user for the virtual host. I have not yet tried this. |
|
Back to top |
|
|
|
|
|
|