[pkg-uWSGI-devel] Bug#982434: Bug#982434: uwsgi-emperor: Permissions on systemd runtime directory
Jonas Smedegaard
jonas at jones.dk
Wed Feb 10 09:18:50 GMT 2021
Quoting Vlastimil Zíma (2021-02-10 09:55:18)
> it's great that a systemd service file was introduced as a result of #969372.
> But when I tried to use it, I encountered a problem with permissions on
> systemd runtime directory. The runtime directory /run/uwsgi is created
> by the systemd with owner root:root and standard permission 0755. On the
> other hand the emperor runs as www-data:www-data and so its vassals can't
> create sockets in the runtime directory.
>
> I managed to fix it by overriding the systemd service with
>
> [Service]
> Group=www-data
> RuntimeDirectoryMode=0775
>
> added to /etc/systemd/system/uwsgi-emperor.service.d/override.conf
> but I'm not sure if this is the best way. This workaround works even for
> tyrant mode with all vassals having the group www-data.
>
> I suggest the systemd service file should be modified in way that will
> allow vassals to create their sockets in emperor's runtime directory.
Thanks!
I don't use wusgi-emperor myself, nor am I particularly clever with
systemd, so I will simply take your proposed changes as-is.
For anyone reading this thinking they can do better: Please do speak up
- your input is much appreciated!
Kind regards,
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-uwsgi-devel/attachments/20210210/365e32e7/attachment.sig>
More information about the pkg-uWSGI-devel
mailing list