Thanks Ales. It's a temporary measure as we are trying make our proxy
play nice. I agree with you that these services should be proxied to a
process run by a less privileged user.
I changed the user on supervisord for now to root, starting all programs
as nobody except for this one which now drops its privileges adter
starting. Supervisord runs with an init script that respawns. To break
through the respawning, I killed the process a few times in a row. After
10 kills in 5 secs (respawn defaults), the process exits. Very ugly I
think but it works and probably shows I have still a lot to learn about
linux.
Cheers, Allard
On 5/23/12 4:41 PM, Ales Zoulek wrote:
I don't know how are you starting the supervisor (init script), but
supervisor (ran as run) can switch it's user by
[supervisord]
user = nobody
So you should check this in your supervisor config.
But generally it may not be a good idea to run your app as root and
droping the priviledges yourself.. Usualy you start your app on higher
port as ordinary user and proxy the ports (nginx http(s), haproxy for
tcp..).
Ales
------------------------------------------------------
Ales Zoulek
+420 604 332 515
Jabber: [email protected] <mailto:[email protected]>
------------------------------------------------------
On Wed, May 23, 2012 at 10:30 PM, Allard Schipper
<[email protected] <mailto:[email protected]>> wrote:
First of all, thank you for making Supervisord! It has been a
great help to manage my websites and Python apps.
I am having a hard time getting Supervisord to run a simple Python
server (policy server for Flash, port 843) with a port number
under 1024. It requires to have a program start as root. I have
supervisord running as nobody. I realize it should be run as root
though. I tried to kill supervisord and then start it again but of
course supervisord is resilient and restarts itself as nobody
again. How do I get around this problem and get supervisord to run
as root?
Once supervisord is running as root, starting programs as root,
does my app need to drop the root priviliges?
Thanks, Allard
_______________________________________________
Supervisor-users mailing list
[email protected]
<mailto:[email protected]>
http://lists.supervisord.org/mailman/listinfo/supervisor-users
--
--------------------------------------------------
Expand your social circles with Other Circles.
Sign up for our beta-list today:
www.othercircles.com <http://www.othercircles.com>
--------------------------------------------------
_______________________________________________
Supervisor-users mailing list
[email protected]
http://lists.supervisord.org/mailman/listinfo/supervisor-users
