Uwsgi permission denied on chdir that does have permissions for that uid

permissions uwsgi

I am using uWSGI (behind nginx) without Emperor, run as a systemd service.

uwsgi.service:

[Service]
ExecStart=/usr/local/bin/uwsgi --ini /var/www/CONSTANd++/uwsgi_config.ini
(...)

uwsgi_config.ini:

(...)
gid = www-data
uid = www-data
chdir = /var/www/CONSTANd++/constandpp_web/constandpp_web
(...)

terminal:

$ ls -la /var/www/CONSTANd++/constandpp_web/constandpp_web
drwxrwxr-x 5 pdiracdelta www-data  4096 Sep  6 10:42 .
(...)

Clearly, this folder has all permissions for the www-data group, but still when I start this uWSGI service the uWSGI log complains:

(...)
setgid() to 33
setuid() to 33
chdir() to /var/www/CONSTANd++/constandpp_web/constandpp_web
chdir(): Permission denied [core/uwsgi.c line 2591]
chdir(): Permission denied [core/uwsgi.c line 1613]

Why is this happening and how can I fix it? If I remove the uid=www-data from the uwsgi_config.ini everything starts fine, but then of course the files created by my WSGI application have root ownership, which I don't want.

Best Answer

As it turns out, the www-data user needs permissions for the 'complete' path to your file/folder. This may be trickier than you think:

  1. The www-data user needs to have +x permissions to be able to cd to a folder ...
  2. ... and also in each parent folder specified in the path you are using ...
  3. ... and also, if a symlink is involved, in each parent folder of the absolute path to that file/folder.

You can check all (both relative and absolute) path permissions in one command using namei -m <any_path>.

This answer is partially based on @Khaled's comments and some more searching:
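The three rules in the answer above can be checked programmatically for the uid/gid that uWSGI drops to. This is an added example, not part of the original post: the function names are hypothetical, it evaluates only the classic owner/group/other mode bits (ACLs, mount options and security modules are ignored), and it should be run as root or another user able to stat every component.

```python
import os
import stat
import sys


def can_search(st, uid, gids):
    """Classic owner/group/other check for the directory search (x) bit."""
    if uid == 0:
        return True  # root bypasses directory search checks
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def ancestors(path):
    """Yield '/', '/var', '/var/www', ... up to and including path."""
    current = os.sep
    yield current
    for part in (p for p in path.split(os.sep) if p):
        current = os.path.join(current, part)
        yield current


def audit_chdir(path, uid, gids):
    """Return [(directory, mode, allowed)] for every directory the uid must
    traverse: the path as written plus, when symlinks are involved, the
    fully resolved path."""
    seen, report = set(), []
    for variant in (os.path.abspath(path), os.path.realpath(path)):
        for directory in ancestors(variant):
            if directory in seen:
                continue
            seen.add(directory)
            st = os.stat(directory)  # follows symlinks, as chdir() does
            report.append((directory, stat.filemode(st.st_mode),
                           can_search(st, uid, set(gids))))
    return report


if __name__ == "__main__":
    # 33/33 are the uid and gid from the uWSGI log in the question;
    # supplementary groups are not considered here.
    target = sys.argv[1] if len(sys.argv) > 1 else os.getcwd()
    for directory, mode, ok in audit_chdir(target, 33, [33]):
        print(mode, "ok  " if ok else "DENY", directory)
```

Any line marked DENY is a directory where the dropped-privilege process lacks +x, which is enough to make chdir() fail even when the final folder itself is group-accessible.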