Package: uwsgi-emperor
Version: 2.0.18-1
Severity: normal

Hi,

on my uwsgi-emperor setup, I've noticed that uwsgi-emperor fails to stop or restart. E.g. when running `systemctl stop uwsgi-emperor`, I get (in `systemctl status uwsgi-emperor`):

    systemd[1]: Stopping LSB: Start/stop uWSGI server instance(s)...
    uwsgi-emperor[11470]: start-stop-daemon: matching on world-writable pidfile /run/uwsgi-emperor.pid is insecure
    systemd[1]: uwsgi-emperor.service: Succeeded.

However, even though this says "Succeeded", uwsgi-emperor is still running as before, so I suspect start-stop-daemon has refused to act.

Looking at the pidfile, I see indeed 666 permissions:

    -rw-rw-rw- 1 root root 6 aug 14 07:51 /run/uwsgi-emperor.pid

Manually clearing the permissions (`chmod o-rwx /run/uwsgi-emperor.pid`) before stopping indeed fixes both the message and makes the emperor stop properly.

I found a mailing list post which suggests that this is due to the --daemonize option, which sets the umask to 0:

    http://lists.unbit.it/pipermail/uwsgi/2013-April/005803.html

I think this issue has started occurring after upgrading to Buster. I suspect that maybe start-stop-daemon has become more strict in its permission check, or maybe the permissions changed on the uwsgi side.

Adding `--umask 022` to the initscript fixed the permissions for my setup, but I suspect this might actually change all kinds of permissions for other files too, so this might not be ideal as a general solution.

It seems uwsgi does not currently have any option to set the permissions of the pidfile, which might be the best solution. Doing a chmod from the init script seems like a workaround, but AFAICS would leave a race condition where the pidfile is writable for a short while.

I have only tested this on a configured production system, but I highly suspect that this is not related to my setup, but also broken in a default installation. I've included my emperor config below as an indication.

Gr.

Matthijs

-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (990, 'stable'), (800, 'testing'), (700, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages uwsgi-emperor depends on:
ii  uwsgi-core  2.0.18-1

uwsgi-emperor recommends no packages.

uwsgi-emperor suggests no packages.

-- Configuration Files:
/etc/uwsgi-emperor/emperor.ini changed:

    [uwsgi]
    log-date = true
    strict = true
    set-placeholder = base-dir=/etc/uwsgi-emperor
    emperor = glob://%(base-dir)/vassals/*/app-*.ini
    emperor = glob://%(base-dir)/vassals/app-*.ini
    vassals-include-before = vassal-defaults.ini
    hook-as-vassal = callret:chdir %(base-dir)
    show-config = 1

-- no debconf information
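The report above notes that a chmod from the init script leaves a window in which the pidfile is still writable. As an added illustration (not part of the original report and not uwsgi code), a daemon can close that window by building the pidfile under a private temporary name, fixing its mode there, and renaming it into place; the helper names `write_pidfile` and `pidfile_world_writable` and the `./example.pid` path are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: publish `pid` at `path` with mode 0644 whatever the
 * process umask is. Returns 0 on success, -1 on error. */
int write_pidfile(const char *path, pid_t pid)
{
    char tmp[4096];
    int n = snprintf(tmp, sizeof tmp, "%s.XXXXXX", path);
    if (n < 0 || (size_t)n >= sizeof tmp)
        return -1;

    /* mkstemp() creates the file exclusively with mode 0600, so it is never
     * group- or world-writable, even under umask 0. */
    int fd = mkstemp(tmp);
    if (fd < 0)
        return -1;

    /* fchmod() is not filtered by the umask: the final mode is set while the
     * file is still only reachable under its temporary name. */
    int ok = fchmod(fd, 0644) == 0 && dprintf(fd, "%ld\n", (long)pid) > 0;
    if (close(fd) != 0)
        ok = 0;

    /* rename() is atomic: readers see the old pidfile or the finished one. */
    if (!ok || rename(tmp, path) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

/* The property the start-stop-daemon message complains about:
 * 1 if world-writable, 0 if not, -1 if stat() fails. */
int pidfile_world_writable(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (st.st_mode & S_IWOTH) ? 1 : 0;
}

int main(void)
{
    umask(0); /* the umask the report attributes to --daemonize */
    if (write_pidfile("./example.pid", getpid()) != 0)
        return 1;
    printf("world-writable: %d\n", pidfile_world_writable("./example.pid"));
    return 0;
}
```

The temporary file must live in the same directory as the final pidfile, since rename() is only atomic within one filesystem.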