If you are an advanced user and you’re going to run a PANDA server, you may want to know how it all works. This page lays out the users, services and files that are part of the standard PANDA setup.
This might also be thought of as a guide to what you may need to change in the event you want to run PANDA in a non-standard configuration.
Runs the uwsgi and celeryd services and owns their logs. Owns /var/lib/panda/media (compressed assets) and /var/lib/panda/uploads (uploaded files). Only this user should be used to execute Django management commands, etc:
sudo -u panda -E python manage.py shell
Note when executing command as the panda user, it’s often necessary to use the -E option to sudo, so that the DEPLOYMENT_TARGET environment variable will be preserved.
Runs the postgresql service and owns its database files and logs.
Owns everything else, including the panda source code in /opt/panda.
Runs the solr service and owns its files (/opt/solr), indices and logs.
The standard Ubuntu login user. Must be used to SSH into the system and run sudo. Has read-only access to files and logs, but can not execute any system commands.
Runs the nginx service and owns its logs.
Web server. Runs on port 80.
Database. Runs on port 5432 locally. Not accessible from remote hosts.
Search engine. Runs on 8983. Not accessible from remote hosts.
Python application server. Runs over a socket at /var/run/uwsgi/wsgi.sock.