Django/mod_wsgi OSError: [Errno 13] Permission den

2019-02-17 11:18发布

问题:

I have a Django 1.4 application on a Centos 6.2 server (running apache, mysql, php) using mod_wsgi with my project deployed in a virtual env. The application itself is one I've been using for several years on a hosted service and I am now deploying on my own rackspace cloud server. The exact version of the app is running fine elsewhere, so this issue is about how I have deployed it. It's my first python/django deployment - I have set up dozens of LAMP sites previously, so it's my lack of familiarity with Django deployments that is clearly holding me back.

The app works fine on my server with DEBUG = TRUE in the project's settings.py file, but when I change this to FALSE the front-end of the site produces [500] Internal Server Errors.

I am aware that with DEBUG set to OFF, apache is now serving my static files via mod_wsgi (mod_wsgi is working fine), which leads me to believe 'something' in my configuration is preventing this. I have run the ./manage.py collectstatic command which populated the /static directory in the /myproject folder.

I have been working on this for weeks now, reading as many deployment guides as I can find, but so far no joy. Your assistance would be very much appreciated.

Here are the relevant declarations in my project's settings.py file:

############ settings.py #############

SITE_ROOT = os.path.realpath(os.path.dirname(__file__))
MEDIA_ROOT = '/opt/virtual/myproject/static/localtv/media/'
MEDIA_URL = 'http://example.org/static/localtv/media/'
STATIC_ROOT = '/opt/virtual/myproject/static/'
STATIC_URL = 'http://example.org/static/'

And here is the wsgi.py file:

############# wsgi.py #################
import os
import sys
import site
site.addsitedir('/opt/virtual/myapp/lib/python2.7/site-packages')

apache_configuration= os.path.dirname(__file__)
project = os.path.dirname(apache_configuration)

sys.path.append('/opt/virtual')
sys.path.append('/opt/virtual/myproject')

os.environ['DJANGO_SETTINGS_MODULE'] = 'myproject.settings'

import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()

My virtual host declaration in httpd.conf looks like this:

############ virtual host declaration in httpd.conf ##############
<VirtualHost *:80>
ServerName example.org
ServerAlias www.example.org
DocumentRoot /opt/virtual/myproject

Alias /robots.txt /opt/virtual/myproject/static/robots.txt
Alias /favicon.ico /opt/virtual/myproject/static/favicon.ico

AliasMatch ^/([^/]*\.css) /opt/virtual/myproject/static/styles/$1

Alias /static/ /opt/virtual/myproject/static/
Alias /media/ /opt/virtual/myproject/static/media
Alias /images /opt/virtual/myproject/static/images

<Directory /opt/virtual/myproject/static>
Order deny,allow
Allow from all
</Directory>

<Directory /opt/virtual/myproject/static/media>
Order deny,allow
Allow from all
</Directory>

WSGIDaemonProcess example.org python-path=/opt/virtual/myapp/lib/python2.7/site-packages
WSGIProcessGroup example.org

WSGIScriptAlias / /opt/virtual/myproject/application/wsgi.py

<Directory /opt/virtual/myproject>
<Files wsgi.py>
Order allow,deny
Allow from all
</Files>
</Directory>

My .bashrc file in /ROOT looks like this:

########### .bashrc ##################

# User specific aliases and functions

alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

# Source global definitions
if [ -f /etc/bashrc ]; then
    . /etc/bashrc
fi

# User specific aliases and functions
alias python='/opt/bin/python2.7'

export PYTHONPATH=/opt/virtual/myapp/lib/python2.7/site-packages:$PYTHONPATH

And finally, my error_log showing the Traceback:

    ############### error_log ###############
    [Mon Jul 09 09:21:13 2012] [error] <WSGIRequest
    [Mon Jul 09 09:21:13 2012] [error] path:/,
    [Mon Jul 09 09:21:13 2012] [error] GET:<QueryDict: {}>,
    [Mon Jul 09 09:21:13 2012] [error] POST:<QueryDict: {}>,
    [Mon Jul 09 09:21:13 2012] [error]  'DOCUMENT_ROOT': '/opt/virtual/myproject',
    [Mon Jul 09 09:21:13 2012] [error]  'GATEWAY_INTERFACE': 'CGI/1.1',
    [Mon Jul 09 09:21:13 2012] [error]  'HTTP_ACCEPT': "*/*",
    [Mon Jul 09 09:21:13 2012] [error]  'HTTP_HOST': 'example.org',
    [Mon Jul 09 09:21:13 2012] [error]  'HTTP_USER_AGENT': 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',
    [Mon Jul 09 09:21:13 2012] [error]  'PATH_INFO': u'/',
    [Mon Jul 09 09:21:13 2012] [error]  'PATH_TRANSLATED': '/opt/virtual/myproject/application/wsgi.py/',
    [Mon Jul 09 09:21:13 2012] [error]  'QUERY_STRING': '',
    [Mon Jul 09 09:21:13 2012] [error]  'REMOTE_ADDR': '99.99.99.99',
    [Mon Jul 09 09:21:13 2012] [error]  'REMOTE_PORT': '99999',
    [Mon Jul 09 09:21:13 2012] [error]  'REQUEST_METHOD': 'GET',
    [Mon Jul 09 09:21:13 2012] [error]  'REQUEST_URI': '/',
    [Mon Jul 09 09:21:13 2012] [error]  'SCRIPT_FILENAME': '/opt/virtual/myproject/application/wsgi.py',
    [Mon Jul 09 09:21:13 2012] [error]  'SCRIPT_NAME': u'',
    [Mon Jul 09 09:21:13 2012] [error]  'SERVER_ADDR': '111.111.111.111',
    [Mon Jul 09 09:21:13 2012] [error]  'SERVER_ADMIN': 'root@localhost',
    [Mon Jul 09 09:21:13 2012] [error]  'SERVER_NAME': 'example.org',
    [Mon Jul 09 09:21:13 2012] [error]  'SERVER_PORT': '80',
    [Mon Jul 09 09:21:13 2012] [error]  'SERVER_PROTOCOL': 'HTTP/1.0',
    [Mon Jul 09 09:21:13 2012] [error]  'SERVER_SIGNATURE': '<address>Apache/2.2.15 (CentOS) Server at example.org Port 80</address>\\n',
    [Mon Jul 09 09:21:13 2012] [error]  'SERVER_SOFTWARE': 'Apache/2.2.15 (CentOS)',
    [Mon Jul 09 09:21:13 2012] [error]  'mod_wsgi.application_group': 'example.org|',
    [Mon Jul 09 09:21:13 2012] [error]  'mod_wsgi.callable_object': 'application',
    [Mon Jul 09 09:21:13 2012] [error]  'mod_wsgi.handler_script': '',
    [Mon Jul 09 09:21:13 2012] [error]  'mod_wsgi.input_chunked': '0',
    [Mon Jul 09 09:21:13 2012] [error]  'mod_wsgi.listener_host': '',
    [Mon Jul 09 09:21:13 2012] [error]  'mod_wsgi.listener_port': '80',
    [Mon Jul 09 09:21:13 2012] [error]  'mod_wsgi.process_group': 'example.org',
    [Mon Jul 09 09:21:13 2012] [error]  'mod_wsgi.request_handler': 'wsgi-script',
    [Mon Jul 09 09:21:13 2012] [error]  'mod_wsgi.script_reloading': '1',
    [Mon Jul 09 09:21:13 2012] [error]  'mod_wsgi.version': (3, 3),
    [Mon Jul 09 09:21:13 2012] [error]  'wsgi.errors': <mod_wsgi.Log object at 0x7f34321aa530>,
    [Mon Jul 09 09:21:13 2012] [error]  'wsgi.file_wrapper': <built-in method file_wrapper of mod_wsgi.Adapter object at 0x7f34320e4e40>,
    [Mon Jul 09 09:21:13 2012] [error]  'wsgi.input': <mod_wsgi.Input object at 0x7f34320e02b0>,
    [Mon Jul 09 09:21:13 2012] [error]  'wsgi.multiprocess': False,
    [Mon Jul 09 09:21:13 2012] [error]  'wsgi.multithread': True,
    [Mon Jul 09 09:21:13 2012] [error]  'wsgi.run_once': False,
    [Mon Jul 09 09:21:13 2012] [error]  'wsgi.url_scheme': 'http',
    [Mon Jul 09 09:21:13 2012] [error]  'wsgi.version': (1, 1)}>
    [Mon Jul 09 09:21:13 2012] [error] -------------------------------------------------------------------------------
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99] mod_wsgi (pid=21520): Exception occurred processing WSGI script '/opt/virtual/myproject/application/wsgi.py'.
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99] Traceback (most recent call last):
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/core/handlers/wsgi.py", line 241, in __call__
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     response = self.get_response(request)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/core/handlers/base.py", line 179, in get_response
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     response = self.handle_uncaught_exception(request, resolver, sys.exc_info())
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/core/handlers/base.py", line 228, in handle_uncaught_exception
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     return callback(request, **param_dict)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/utils/decorators.py", line 91, in _wrapped_view
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     response = view_func(request, *args, **kwargs)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/views/defaults.py", line 33, in server_error
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     return http.HttpResponseServerError(t.render(Context({})))
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/base.py", line 140, in render
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     return self._render(context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/base.py", line 134, in _render
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     return self.nodelist.render(context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/base.py", line 823, in render
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     bit = self.render_node(node, context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/base.py", line 837, in render_node
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     return node.render(context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/loader_tags.py", line 123, in render
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     return compiled_parent._render(context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/base.py", line 134, in _render
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     return self.nodelist.render(context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/base.py", line 823, in render
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     bit = self.render_node(node, context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/base.py", line 837, in render_node
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     return node.render(context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/loader_tags.py", line 62, in render
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     result = block.nodelist.render(context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/base.py", line 823, in render
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     bit = self.render_node(node, context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/base.py", line 837, in render_node
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     response = view_func(request, *args, **kwargs)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/views/defaults.py", line 33, in server_error
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     return http.HttpResponseServerError(t.render(Context({})))
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/base.py", line 140, in render
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     return self._render(context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/base.py", line 134, in _render
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     return self.nodelist.render(context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/base.py", line 823, in render
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     bit = self.render_node(node, context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/base.py", line 837, in render_node
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     return node.render(context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/loader_tags.py", line 123, in render
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     return compiled_parent._render(context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/base.py", line 134, in _render
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     return self.nodelist.render(context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/base.py", line 823, in render
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     bit = self.render_node(node, context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/base.py", line 837, in render_node
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     return node.render(context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/loader_tags.py", line 62, in render
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     result = block.nodelist.render(context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/base.py", line 823, in render
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     bit = self.render_node(node, context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/template/base.py", line 837, in render_node
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     return node.render(context)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/compressor/templatetags/compress.py", line 91, in render
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     rendered_output = compressor.output(self.mode, forced=forced)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/compressor/css.py", line 53, in output
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     ret.append(subnode.output(*args, **kwargs))
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/compressor/css.py", line 55, in output
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     return super(CssCompressor, self).output(*args, **kwargs)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/compressor/base.py", line 221, in output
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     finished_content = self.handle_output(mode, filtered_content, forced)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/compressor/base.py", line 233, in handle_output
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     return output_func(mode, content, forced)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/compressor/base.py", line 245, in output_file
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     self.storage.save(new_filepath, ContentFile(content))
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/core/files/storage.py", line 45, in save
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     name = self._save(name, content)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/site-packages/django/core/files/storage.py", line 168, in _save
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     os.makedirs(directory)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]   File "/opt/virtual/myapp/lib/python2.7/os.py", line 157, in makedirs
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99]     mkdir(name, mode)
    [Mon Jul 09 09:21:13 2012] [error] [client 99.99.99.99] OSError: [Errno 13] Permission denied: '/opt/virtual/myproject/static/CACHE/css'

回答1:

I have been receiving the same error as you under almost similar conditions (I was running Ubuntu, not CentOS).

As you noticed, when running with DEBUG = FALSE, you are in fact running through wsgi. This means that when running with DEBUG = TRUE, you are actually using your user's privileges, while when running with DEBUG = FALSE, you are running using Apache's user's privileges. The user that Apache uses is www-data.

www-data is neither the owner nor in the group of users that own /var/www. This means that www-data is treated as other and has the permissions set to others.

The BAD solution to this would be to do:

sudo chmod -R 777 /var/www/

This would give everyone full access to everything in /var/www/, which is obviously a very bad idea.

Another BAD solution would be to do:

sudo chown -R www-data /var/www/

This would change the owner to www-data, which opens security vulnerabilities.

The GOOD solution would be:

sudo groupadd varwwwusers
sudo adduser www-data varwwwusers
sudo chgrp -R varwwwusers /var/www/
sudo chmod -R 770 /var/www/

This adds www-data to the varwwwusers group, which is then set as the group for /var/www/ and all of its subfolders. chmod will give read, write, execute permissions to the owner and the group, while blocking any other users from accessing it.