WebFaction
Community site: login faq
0
2

I'm working with another person on my Django project, and I need him to be able to start/stop/restart my Apache instance.

I've messed around with filesystem permissions, but nothing seems to work.

What do I need to do to make this work?

asked 15 Nov '11, 18:04

seanf
12.2k41836
accept rate: 37%


First, ask yourself: does my extra user really need to restart Apache, or does he just need to reload code to see his changes?

If it's just for reloading code, then there's no need to restart Apache, since mod_wsgi can reload code automatically:

First, make whatever edits to your code, then run:

touch /home/username/webapps/appname/myproject/myproject/wsgi.py

(Obviously, change the user name, app name, and project name to match the path to your `wsgi.py`.)

Then, just reload the page in your browser and Apache will re-spawn the child httpd.worker processes with the updated code.

If your extra user still needs to do a full restart for some reason, you can set up a CGI script that can be called via the web:

  1. Create a Static/CGI/PHP-7.0 app via the control panel. For this example, I will name the app "restarter".
  2. Add that app to your Django site via our control panel, with whatever URL path you want (like "/restart").
  3. Delete the index.html from the restarter app directory.
  4. Create index.cgi in the restarter app directory with the following contents:
        #!/bin/sh
        echo "Content-type: text/plain"
        echo ""
        echo "Restarting application..."
        /home/username/webapps/appname/apache2/bin/restart
        echo "done."
        ps -u username -o lstart,pid,command

Finally, set the permission on index.cgi to 711, eg:

    chmod 711 /home/username/webapps/restarter/index.cgi

When that's all done, you can restart the app by going to http://domain.com/restart

If you do that, then you might want to password-protect the restarter app directory so that only authorized users can restart it. Instructions are available here: Password Protecting a Directory with a Static/CGI/PHP App

permanent link

answered 03 Feb '16, 00:41

seanf
12.2k41836
accept rate: 37%

edited 03 Feb '16, 16:56

2016-02-02 this no longer seems to work - see the other answer for alternate solutions.

You can't really solve this problem with filesystem permissions, because no matter what you do, the other user will never be able to restart an Apache process owned by your main user.

To work around this, you can build a binary executable to control your Apache, and flip the setuid bit on it so that it always executes as your main user.

Here are the steps:

First, give your extra user permission in your Django app directory - see Granting Access to Specific Users

Next, on your WebFaction server, create a file named myapachectl.c with the following contents (change "username" to your main user name and "django" to the name of your Django app):

#include <stddef.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char *argv[]) {
    char *const envp[2] = {"LD_LIBRARY_PATH=/home/username/webapps/django/apache2/lib", NULL};
    execle("/home/username/webapps/django/apache2/bin/httpd.worker", 
           "/home/username/webapps/django/apache2/bin/httpd.worker", 
           "-f", "/home/username/webapps/django/apache2/conf/httpd.conf", 
       "-k", argv[1],
           (const char *) NULL, envp);
        return(EXIT_FAILURE);
}

Next, compile myapachectl.c:

gcc myapachectl.c -o ~/webapps/django/apache2/bin/myapachectl

Next, flip the setuid bit on the compiled executable:

chmod +s ~/webapps/django/apache2/bin/myapachectl

Now your extra user can run your myapachectl to start, stop, and restart your Apache:

cd /home/username/webapps/django/apache2/bin
./myapachectl stop
./myapachectl start
./myapachectl restart
permanent link

answered 15 Nov '11, 18:04

seanf
12.2k41836
accept rate: 37%

edited 03 Feb '16, 00:43

Similar question i had posted here,

http://community.webfaction.com/questions/11706/setfacl-permissions- set-on-a-file-to-an-user-but-hes-unable-to-execute?page=1#11768

I gave that user, group permissions on that file using setfacl, but it did not work!

(27 Dec '12, 06:48) Prajwal
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×908
×225

question asked: 15 Nov '11, 18:04

question was seen: 4,113 times

last updated: 10 Apr, 12:21

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM