Can't run uwsgi as root, "bind(): Permission denied"

Question

I try to configure uWsgi, Django ,Nginx with this document: http://uwsgi-docs.readthedocs.org/en/latest/tutorials/Django_and_nginx.html

Finish config the uwsgi.ini file, create a soft link at /etc/uwsgi/vassals.

Failed at the last step :Make uWSGI startup when the system boots.

When run this command:

sudo /usr/local/bin/uwsgi --emperor /etc/uwsgi/vassals --uid www-data --gid www-data

I got this error:

clock source: unix detected number of CPU cores: 1 current working directory: /etc/uwsgi/vassals detected binary path: /usr/local/bin/uwsgi !!! no internal routing support, rebuild with pcre support !!! your processes number limit is 3813 your memory page size is 4096 bytes detected max file descriptor number: 1024 lock engine: pthread robust mutexes thunder lock: disabled (you can enable it with --thunder-lock) bind(): Permission denied [core/socket.c line 227] Tue May 27 05:29:26 2014 - [emperor] curse the uwsgi instance uwsgi.ini (pid: 1391) Tue May 27 05:29:29 2014 - [emperor] removed uwsgi instance uwsgi.ini 

If I run this command without sudo, everything is OK.

I've add user "kk" into group "www-data", and here is the uwsgi.ini

[uwsgi] chdir           = /home/kk/XXXXXXX module          = wsgi home            = /home/kk/XXXXXXX  master          = true processes       = 10 socket          = /home/kk/XXXXXXX/mysite.sock chmod-socket    = 666 vacuum          = true 

I guess maybe I made mistake on file permission. Does anybody have good idea?Thank you.

---

Update:

The official document is correct, I follow the steps to deploy the project in another new VPS, no error occurred.

Answer 1

I don't know why the permissions don't work, but I ran into the same problem.

One quick way to fix this is to move the sockets to /tmp though! (Which is a fairly reasonable place to keep sockets anyway...)

so just update the uwsgi config with:

socket          = /tmp/mysite.sock 

and the nginx-config with:

upstream django {     server unix:///tmp/mysite.sock; } 

and it'll start working!

Answer 2

I was having this problem. Running without setting the group and user ids solved the problem. I'll probably revisit this when I have more time to fix file permissions for the directory, but it works for the moment

/usr/local/bin/uwsgi --emperor /etc/uwsgi/vassals

EDIT I've had time to revisit this answer and I'd have to say that this is not good practice when running uwsgi in production.

The problem with the tutorial as written is that it assumes that www-data is a user and that the www-data user and group has access to all the files it needs on your server; in particular the socket file. Replace the appropriate arguments with your user and group and and you'll be good to go (and won't leave a gaping security hole on your server).

So, the correct command (if I was user ovangle in group ovangle would be):

/usr/local/bin/uwsgi --emperor /etc/uwsgi/vassals --uid ovangle --gid ovangle

It would be better to create a user which has the specific permissions it needs to run the server successfully, but that's left as an exercise for the reader.