The file '/etc/supervisord.conf' contains the following section for managing the Django/gunicorn app:
command=/home/ubuntu/.virtualenvs/polls/bin/gunicorn_django -c gunicorn.conf.py settings.py
This implies that the gunicorn processes execute as root, which is easily verified using 'top'.
This is incredibly dangerous. Is there some reason why it doesn't execute as 'www-data' or some other user?