Mox*_*Mox 2 apache django wsgi selinux
这是一些软件信息
Django 1.8.1 Apache2 Fedora 21
error_log输出
mod_wsgi (pid=8272): Target WSGI script '/var/www/anime/anime/wsgi.py' cannot be loaded as Python module.
mod_wsgi (pid=8272): Exception occurred processing WSGI script '/var/www/anime/anime/wsgi.py'.
Traceback (most recent call last):
File "/usr/lib64/python3.4/logging/config.py", line 557, in configure
handler = self.configure_handler(handlers[name])
File "/usr/lib64/python3.4/logging/config.py", line 725, in configure_handler
result = factory(**kwargs)
File "/usr/lib64/python3.4/logging/__init__.py", line 999, in __init__
StreamHandler.__init__(self, self._open())
File "/usr/lib64/python3.4/logging/__init__.py", line 1023, in _open
return open(self.baseFilename, self.mode, encoding=self.encoding)
PermissionError: [Errno 13] Permission denied: '/var/www/anime/log/info.log'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/var/www/anime/anime/wsgi.py", line 16, in <module>
application = get_wsgi_application()
File "/opt/virtualenvs/django_project/lib64/python3.4/site-packages/django/core/wsgi.py", line 14, in get_wsgi_application
django.setup()
File "/opt/virtualenvs/django_project/lib64/python3.4/site-packages/django/__init__.py", line 17, in setup
configure_logging(settings.LOGGING_CONFIG, settings.LOGGING)
File "/opt/virtualenvs/django_project/lib64/python3.4/site-packages/django/utils/log.py", line 86, in configure_logging
logging_config_func(logging_settings)
File "/usr/lib64/python3.4/logging/config.py", line 789, in dictConfig
dictConfigClass(config).configure()
File "/usr/lib64/python3.4/logging/config.py", line 565, in configure
'%r: %s' % (name, e))
ValueError: Unable to configure handler 'file': [Errno 13] Permission denied: '/var/www/anime/log/info.log'
这是文件上的权限掩码
drwxrwxrwx. 2 apache apache 21 May 28 15:22 .
drwxr-xr-x. 6 apache apache 90 May 28 14:53 ..
-rwxrwxrwx. 1 apache apache 0 May 28 15:22 info.log
我已经搜索过SOF所有可能的解决方案,但没有一个可行.因此我怀疑它与SELinux设置有关?如果是,有人可以告诉我哪个标志需要设置为true?
在阅读SELinux之后,我已经找到了此权限错误的解决方案.我希望它能帮助在RHEL linux下部署生产服务器时遇到类似情况的其他人.
基本上运行命令ls -Z显示以下内容
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 log
该文件夹标有httpd_sys_content_t,不允许httpd对该文件夹进行写访问.因此,我们需要将此标签更改为httpd_sys_rw_content_t
首先,我们需要在fcontext中添加一个条目,以通知SELinux这个文件夹中将创建的文件的默认标签是什么.
sudo semanage fcontext -a -t httpd_sys_rw_content_t "/path/to/directory(/.*)?"
这将在fcontext文件中添加一个条目(/etc/selinux/targeted/contexts/files/file_contexts.local)
接下来,我们需要使用restorecon更新文件夹中文件的所有标签.
sudo restorecon -R -v /path/to/directory
现在,与django日志记录相关的权限错误将从httpd error_log =中消失
| 归档时间: |
|
| 查看次数: |
1326 次 |
| 最近记录: |