Your message dated Sun, 24 Mar 2013 22:17:39 +0000
with message-id <e1ujter-0004dj...@franck.debian.org>
and subject line Bug#690500: fixed in gunicorn 0.14.5-3+deb7u1
has caused the Debian Bug report #690500,
regarding gunicorn: setgroups - Operation not permitted
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
690500: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690500
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gunicorn
Version: 0.14.5-3
Severity: normal
Hi!
As of 0.14.5-3's use of setgroups, gunicorn can no longer be started by
a non-root user:
2012-10-15 09:18:24 [26411] [DEBUG] Exception in worker process:
Traceback (most recent call last):
File "/usr/lib/pymodules/python2.6/gunicorn/arbiter.py", line 459, in
spawn_worker
worker.init_process()
File "/usr/lib/pymodules/python2.6/gunicorn/workers/base.py", line 81, in
init_process
util.set_owner_process(self.cfg.uid, self.cfg.gid)
File "/usr/lib/pymodules/python2.6/gunicorn/util.py", line 150, in
set_owner_process
os.setgroups([])
OSError: [Errno 1] Operation not permitted
It seems that when the 'user' setting isn't supplied, it is defaulted to
geteuid, and set_owner_process is still (needlessly?) invoked.
ISTM that the setgroups call only needs to occur when running as root... or
that a resulting EPERM should be treated as non-fatal.
Amusingly, this means I must currently trust gunicorn to start as root, which I
had previously avoided. :)
Thanks,
Matthew
-- System Information:
Debian Release: 6.0.6
APT prefers stable
APT policy: (900, 'stable'), (800, 'testing'), (400, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages gunicorn depends on:
ii python 2.6.6-3+squeeze7 interactive high-level object-orie
ii python-pkg-resources 0.6.14-4 Package Discovery and Resource Acc
ii python-setuptools 0.6.14-4 Python Distutils Enhancements (set
ii python-support 1.0.10 automated rebuilding support for P
gunicorn recommends no packages.
Versions of packages gunicorn suggests:
pn python-gevent <none> (no description available)
pn python-pastedeploy <none> (no description available)
pn python-setproctitle <none> (no description available)
pn python-tornado <none> (no description available)
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: gunicorn
Source-Version: 0.14.5-3+deb7u1
We believe that the bug you reported is fixed in the latest version of
gunicorn, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 690...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonathan Wiltshire <j...@debian.org> (supplier of updated gunicorn package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 23 Mar 2013 20:03:01 +0000
Source: gunicorn
Binary: gunicorn
Architecture: source all
Version: 0.14.5-3+deb7u1
Distribution: testing-proposed-updates
Urgency: low
Maintainer: Chris Lamb <la...@debian.org>
Changed-By: Jonathan Wiltshire <j...@debian.org>
Description:
gunicorn - Event-based HTTP/WSGI server
Closes: 690079 690500
Changes:
gunicorn (0.14.5-3+deb7u1) testing-proposed-updates; urgency=low
.
* Non-maintainer upload.
* Backport updated patch 01-drop-supplemental-groups.diff from unstable
to avoid exceptions when starting as a non-root user (Closes: #690500)
* Properly migrate to dh_python2 (Closes: #690079)
Checksums-Sha1:
1cbd501749a8c2625d9ae3884d34021e5e0849a5 1888 gunicorn_0.14.5-3+deb7u1.dsc
a0b37c72ee93d6a38b5716d793c13060b3db6ebb 9654
gunicorn_0.14.5-3+deb7u1.debian.tar.gz
e38f68fa157588ab63ede25bb21d76dfd5e4246a 113712
gunicorn_0.14.5-3+deb7u1_all.deb
Checksums-Sha256:
38e227488899358ee5cb662215d35dea626d8f77fb9121d4daaf6b3d5120b2a1 1888
gunicorn_0.14.5-3+deb7u1.dsc
5ac2f74d4f0758e8fb47da80d81a44fae593386b9cff8052f195812b5f12ec54 9654
gunicorn_0.14.5-3+deb7u1.debian.tar.gz
b67ade4c6c204d3d3b294e97213b66013ead83ae1f2840deffaaacdb4665ce96 113712
gunicorn_0.14.5-3+deb7u1_all.deb
Files:
1bd2b5f43d293fbe20a4eba87edcbd7a 1888 python optional
gunicorn_0.14.5-3+deb7u1.dsc
69092ed046ebbe175f09e08691e8bbe1 9654 python optional
gunicorn_0.14.5-3+deb7u1.debian.tar.gz
c0d21e15d13492aa1b8a3d8932cc2906 113712 python optional
gunicorn_0.14.5-3+deb7u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJRThYQAAoJEFC7AtTIpr9halMQAKF9qpV986HoV2TrNdua5H6N
BWZ/oalHYQZ4m2qV4wR1v0M6ULT7Umg3+tUBC1hXqvRhZqAlZVUSj7KKvSUv9BpK
ZLNq+lkraJkY2bwmR/uR0eIjs4FLlEPW0xMy1Fj4e2dt3hS+mO7IujjuYFkWj3Ak
ki9kuNbjPJm63xyTlx+nkCxvS4LwxMJBJRERYWi80jiqPUx/+X471dAc7daf3vy0
vRjSqsmlsE96vbcPeG0fQ6GFqcuW74tCIHaPcSF226jKjFa8PVzFzXE6jTOzv83F
NFD5fr3ivJJsvvAilwXYx0lG8mBzNlfPaCtIc+6DYmJiI8F8L0gtiBTJcpUu2/jr
rDSZ4i44eyjGbjkaMTXZQY7uNZXdVGZ25TohCyPLh9I3xAZTWoSkLZ5la5OPVU3B
8GwXHIEoiEbr1HnmmWDrt1BHNtDQwPKKvmhkpjNDizvOoqLmfCJGi6Ejwi2NMXoQ
e/Q2m2sRVYPABBLB29RNDNMbq0+0p1eXmoDch8tKl7H6SDhXAw4YfoCX7DRPY/fo
wtGVdPw4Cq9VAWY4ZPFoF08WuDeynVDRaaTF8mJXM3AQmZ3k/i58LgsCsU0qcngN
EPAvCGxZQIP+bYZPzXEX9BuHHa4EP1KPnq4x1oMSzig0GuZ0PuXBPtgo/2b+jSLx
0U5OpHc0F0wWgVQPfIKH
=lvUv
-----END PGP SIGNATURE-----
--- End Message ---
