I am using uWSGI (behind nginx) without Emperor, run as a systemd
service.
uwsgi.service:
[Service]
ExecStart=/usr/local/bin/uwsgi --ini /var/www/CONSTANd++/uwsgi_config.ini
(...)
uwsgi_config.ini:
(...)
gid = www-data
uid = www-data
chdir = /var/www/CONSTANd++/constandpp_web/constandpp_web
(...)
terminal:
$ ls -la /var/www/CONSTANd++/constandpp_web/constandpp_web
drwxrwxr-x 5 pdiracdelta www-data 4096 Sep 6 10:42 .
(...)
Clearly, this folder has all permissions for the www-data group, but still when I start this uWSGI service the uWSGI log complains:
(...)
setgid() to 33
setuid() to 33
chdir() to /var/www/CONSTANd++/constandpp_web/constandpp_web
chdir(): Permission denied [core/uwsgi.c line 2591]
chdir(): Permission denied [core/uwsgi.c line 1613]
Why is this happening and how can I fix it? If I remove the uid=www-data
from the uwsgi_config.ini everything starts fine, but then of course the files created by my WSGI application have root ownership, which I don't want.
Best Answer
As it turns out, the www-data user needs permissions for the 'complete' path to your file/folder. This maybe be trickier than you think:
+x
permissions to be able tocd
to a folder ...You can check all (both relative and absolute) path permissions in one command using
namei -m <any_path>
.This is answer is partially based on @Khaled's comments and some more searching: