Skip to main content

Python: Permission denied: '/var/www/.python-eggs'

I have a Pylons app, and I got the following exception in my logs:
The following error occurred while trying to extract file(s) to the Python egg
cache:

[Errno 13] Permission denied: '/var/www/.python-eggs'

The Python egg cache directory is currently set to:

/var/www/.python-eggs

Perhaps your account does not have write access to this directory? You can
change the cache directory by setting the PYTHON_EGG_CACHE environment
variable to point to an accessible directory.
The problem is that the app was running as www-data (which was the user created for nginx and Apache). www-data's home directory is /var/www, but it doesn't have write access to it. (I'm afraid of allowing write access so that it can unpack eggs into that directory because that directory is the web root. In general, you should be careful of what you put in the web root.)

There are a few ways to address this problem. One is to make sure to always use --always-unzip when installing eggs. Another is to create a place for www-data to store its eggs by either changing its home directory or by setting the environmental variable PYTHON_EGG_CACHE.

I decided the simplest thing to do was to simply create a new user with a proper home directory.
adduser myapp  # Used a throwaway password.
vipw # Set the shell to /bin/false.
Once I did that, I updated the app to run as the myapp user and made sure it had access to all the directories it needed.

Trac requires its own user. I figure it's reasonable for my app to have its own user too.

Comments

Brandon L. Golm said…
This comment has been removed by the author.
Brandon L. Golm said…
I usually just use Apache, and compile it with
-DUSE_LARGE_SECURITY_HOLE
so I can run it as root. It solves that whole class of problems.
Just curious, but which Apache hosting mechanism are you using for Pylons? mod_fastcgi, mod_wsgi, mod_python, CGI?
Stephen Thorne said…
OH THIS BUG MAKES ME SO ANGRY RARAWRRRR.

:(

I believe all you really need to do is create that directory, I'm not sure you need to be able to write to it.

I also believe that this bug is not present in later versions of setuptools.

Unfortunately, people think eggs are the solution to anything. They're really not :(.
> Just curious, but which Apache hosting mechanism are you using for Pylons? mod_fastcgi, mod_wsgi, mod_python, CGI?

I'm not using Apache. I use nginx to proxy to Paster.
> OH THIS BUG MAKES ME SO ANGRY RARAWRRRR.

hahaha

> I believe all you really need to do is create that directory, I'm not sure you need to be able to write to it.

It actually does write stuff to the directory:

ls ~myapp/.python-eggs/
Genshi-0.5.1-py2.5-linux-i686.egg-tmp

> Unfortunately, people think eggs are the solution to anything. They're really not :(.

I don't think they're the solution to everything. In fact, I tried using them to solve the crisis in the Middle East, and they had no effect ;)

I use eggs to install third-party software. Easy peasy.