mod_wsgi unable to connect WSGI daemon process

Asked 6/9, 2016 at 10:20 Answered 11/4, 2018 at 6:19

I am using Easy apache 4, mod_wsgi, and Python 3.5. When I called a Django project in the server I got the following error:

(13)Permission denied: mod_wsgi (pid=24223): Unable to connect to WSGI daemon
process 'user123' on '/var/run/wsgi.8442.6.7.sock' as user with uid=3708.

Sellers answered 6/9, 2016 at 10:20 Comment(0)

Your Apache installation is likely set up to run with SECURE privileges mode. This means that the Apache child worker process is forked and privileges dropped before handling the request, which in this case is simply trying to proxy the request through to the mod_wsgi daemon process. The consequence of this is that it cannot connect to the socket for the daemon process, as it was setup with ownership to match the original Apache child worker process before privileges were dropped.

This is evident because the error message has uid in the range of a normal user and not the special apache or nobody user.

To fix it, you need to modify the WSGIDaemonProcess directive configuration and add the option:

socket-user=#3708

or:

socket-user=username

where username is replaced with the actual name of the user with uid of 3708.

The addition of this option seems to be required due to recent changes in CPanel configurations for Apache.

Vetter answered 6/9, 2016 at 20:41 Comment(1)

I'm getting this error with uid=33 (www-data) if running service apache2 reload, but not if running service apache2 restart. Is that indicating something bad or is it ok? – Marche 19/6, 2020 at 10:43

Sometime socket-user setting does not work. This may occur because of WSGISocketPrefix path not found

If it is VPS:

WSGISocketPrefix /var/run/wsgi
If you are in a shared hosting:

WSGISocketPrefix ../../var/run/wsgi

Thank You

Inure answered 11/4, 2018 at 6:19 Comment(4)

As per comment on your answer elsewhere, why a relative path. It is magic you probably need to explain. – Vetter 11/4, 2018 at 7:9

The path/var/run/ user123 do not have access to that folder.Only root and approved users have. So we need to show a path for wsgi socket. @GrahamDumpleton Sir do I need to explain more?I will if it is not – Inure 12/4, 2018 at 10:56

Your proposed solution though doesn't actually help with what the question was about. The only solution for when SECURE privileges mode is used, as was the case here, is that socket-user option. Your answer is dealing with a separate problem, which is the default runtime directory on some Linux distros is not accessible to the Apache user. This separate issue is described in the mod_wsgi documentation at modwsgi.readthedocs.io/en/develop/user-guides/… – Vetter 12/4, 2018 at 11:5

yes @GrahamDumpleton thank you for the clarification. I will keep both in mind next time.Actually I was trying to add in the answer the other way also.You are correct – Inure 13/4, 2018 at 5:37

Recommended topics

Hot tags