Mod_wsgi working directory and user

Question

Mod_wsgi working directory and user

I run the flask on mod_wsgi. my jar application, which is located on /var/www/app , receives some file from the user and saves it in the directory /var/www/app/tmp . However, even after all chmod and chown (thought it was a permission problem), I was unable to get to this tmp directory.

After some debugging, I found out that the current working directory of the flash application is / . I can change the working directory to os.chdir('/var/www/') , but I would like to avoid this for security problems.

here is my apache configuration:

 <VirtualHost *:80> ServerName mysite.com ServerAlias site.com ServerAdmin admin@localhost WSGIDaemonProcess app user=www-data group=www-data processes=1 WSGIScriptAlias / /var/www/app.wsgi Alias /static /var/www/app/static <Directory /var/www/app> WSGIProcessGroup app WSGIApplicationGroup %{GLOBAL} WSGIScriptReloading On Order deny,allow Allow from all </Directory> <Location "/static"> SetHandler None </Location> </VirtualHost>

How to change the working directory of my application from / to /var/www ?

+8

python apache2 mod-wsgi

thkang Feb 11 '13 at 8:47

source share

1 answer

AKX · Accepted Answer · 2013-02-11T08:50:24+0000

The documentation for WSGIDaemonProcess says you can use the stanza home=... :

home = catalog
Defines the absolute directory path to be used as the initial current working directory of the daemon processes within the process group. If this parameter is not defined, in mod_wsgi 1.X, the current working directory of the parent Apache process will be inherited by daemon processes in the process group. As usual, the current working directory of the parent Apache process will be the root directory. In mod_wsgi 2.0+, the initial current working directory will be set to the user's home directory, which the daemon process runs as.

I'm curious, but why use os.chdir rather a security risk, in your opinion?

Mod_wsgi working directory and user

More articles: