IOError: [Errno 13] Permission denied: '/var/tmp/log/nanodemo.log'

[James C]

I am having difficulty writing a simple log file from a Flask 0.10.1 application running using Apache 2.2.15, mod_wsgi 3.5, python 2.6.6 on Red Hat 6.5 instance in the AWS cloud.

The apache log is showing the following error when I attempt to write the log file:

IOError: [Errno 13] Permission denied: '/var/tmp/log/nanodemo.log'

I used this Flask/wsgi tutorial to get things set up:

http://flask.pocoo.org/docs/0.10/deploying/mod_wsgi/

My application resides in /var/www/html/NanoDemo

Permissions on /var/tmp/log are wide open:

drwxrwxrwx. 2 ec2-user ec2-user 4096 Oct 16 16:00 log

/var/www/html/NanoDemo/routes.wsgi:

import sys
sys.path.insert(0, '/var/www/html/NanoDemo')
from routes import app as application

/etc/httpd/conf.d/routes.conf

WSGIDaemonProcess routes user=ec2-user group=ec2-user threads=5 home=/var/www/html/NanoDemo display-name=%{GROUP}


WSGIRestrictStdin Off
WSGIRestrictStdout Off


<VirtualHost *>
    ServerName example.com


    WSGIScriptAlias / /var/www/html/NanoDemo/routes.wsgi


    <Directory /var/www/html/NanoDemo>
        WSGIProcessGroup routes
        WSGIApplicationGroup %{GLOBAL}
        Order deny,allow
        Allow from all
    </Directory>


    LogLevel warn
#    ErrorLog /var/tmp/log/error.log


</VirtualHost>

/etc/httpd/conf.d/wsgi.conf:

LoadModule wsgi_module modules/mod_wsgi.so
WSGISocketPrefix /var/run/wsgi

Any help would be greatly appreciated!

[Graham Dumpleton]

What is currently in the directory:

  /var/tmp/log

and what are the existing permissions and ownerships of the files in there.

Graham

--
You received this message because you are subscribed to the Google Groups "modwsgi" group.
To unsubscribe from this group and stop receiving emails from it, send an email to modwsgi+u...@googlegroups.com.
To post to this group, send email to mod...@googlegroups.com.
Visit this group at http://groups.google.com/group/modwsgi.
For more options, visit https://groups.google.com/d/optout.

[Graham Dumpleton]

On 18/10/2014, at 2:04 AM, James C <jcign...@gmail.com> wrote:

/etc/httpd/conf.d/routes.conf

WSGIRestrictStdin Off


The reasons for setting this to Off are very rare. I would suggest you do not need this.

WSGIRestrictStdout Off


This is the default, and should not be needed.

Graham

[James C]

The permissions/ownership of /var/tmp/log directory is:

drwxrwxrwx. 2 ec2-user ec2-user 4096 Oct 20 12:05 .

The directory is empty.

[Graham Dumpleton]

Two possibilities I can think of.

First is that your WSGI application isn't running as the user you think it is. This may be due to an Apache misconfiguration.

Edit your routes.wsgi program temporarily and incorporate in it some logging which does something similar to what is described in:

http://code.google.com/p/modwsgi/wiki/CheckingYourInstallation#Embedded_Or_Daemon_Mode

Instead of returning it as output from the WSGI application, print out the value of:

    print('mod_wsgi.process_group', environ['mod_wsgi.process_group'])

This will tell you whether your code is in fact running in that daemon process group.

Also add debug print statements to print out what user it is running as:

    import os, pwd

    print('user', pwd.getpwuid(os.getuid()))

Second option is that even if running as same user, you are running with SELinux extensions enabled and that is blocking you from accessing that directory.

Graham