Python 是否以 root 身份启动 supervisord?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/19918177/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Starting supervisord as root or not?
提问by kev
Supervisor is running on 3.0:
主管在 3.0 上运行:
pip freeze | grep supervisor
supervisor==3.0
When starting supervisord from the command line:
从命令行启动 supervisord 时:
sudo $VIRTENV/supervisord --nodaemon --configuration $PATH_TO_CONFIG/supervisord.conf
I get this error:
我收到此错误:
2013-11-11 23:30:50,205 CRIT Supervisor running as root (no user in config file)
But I can't start supervisord without sudo, it complains:
但是没有sudo,我无法启动 supervisord ,它抱怨:
Error: Cannot open an HTTP server: socket.error reported errno.EACCES (13)
What is the right way to deal with it?
处理它的正确方法是什么?
(I get the same error if starting it as root but setting user = foobar under the [supervisord] section in supervisord.conf)
(如果以 root 身份启动但在 supervisord.conf 中的 [supervisord] 部分下设置 user = foobar,我会收到相同的错误)
Update:Here is my supervisord.conf
更新:这是我的 supervisord.conf
[unix_http_server]
file = /opt/run/supervisord.sock
[inet_http_server]
port = 9001
username = foobar
password = foobar
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisord]
logfile = /opt/logs/supervisord.log
loglevel = debug
pidfile = /opt/run/supervisord.pid
[supervisorctl]
[program:foo1]
user = foobar
autostart = True
autorestart = True
command = foo1
stdout_logfile = /opt/logs/foo1.stdout.log
stderr_logfile = /opt/logs/foo1.stderr.log
stdout_logfile_maxbytes = 10MB
stderr_logfile_maxbytes = 10MB
[program:foo2]
user = foobar
autostart = true
autorestart = true
command = foo2
priority = 100
stdout_logfile_backups = 0
stderr_logfile_backups = 0
stdout_logfile_maxbytes = 10MB
stderr_logfile_maxbytes = 10MB
stdout_logfile = /opt/logs/foo2.stdout.log
stderr_logfile = /opt/logs/foo2.stderr.log
回答by Jan Vorcak
Supervisord switches to UNIX user account before any processing.
在进行任何处理之前,Supervisord 会切换到 UNIX 用户帐户。
You need to specify what kind of user account it should use, run the daemon as root but specify user in the config file
您需要指定它应该使用哪种用户帐户,以 root 身份运行守护程序,但在配置文件中指定用户
Example:
例子:
[program:myprogram]
command=gunicorn --worker-class socketio.sgunicorn.GeventSocketIOWorker app.wsgi:application -b 127.0.0.1:8000
directory=/opt/myprogram
user=user1
autostart=true
autorestart=true
redirect_stderr=True
Visit http://supervisord.org/configuration.html#program-x-section-valuesfor more information
访问http://supervisord.org/configuration.html#program-x-section-values了解更多信息
回答by Rylan
When you start supervisor as root, you need to specify a user for supervisor to drop to for security reasons
当您以 root 身份启动 supervisor 时,出于安全原因,您需要为 supervisor 指定一个要删除的用户
From the supervisor docs (http://supervisord.org/configuration.html):
来自主管文档(http://supervisord.org/configuration.html):
user
If supervisord is run as the root user, switch users to this UNIX user account before doing any meaningful processing.
This value has no effect if supervisord is not run as root.
Put this in your conf file:
把它放在你的 conf 文件中:
[supervisord]
user=nobody
The user should be a user which exists, but does not have sudo permissions (nobody can work).
用户应该是一个存在的用户,但没有 sudo 权限(没有人可以工作)。
回答by Matthew Moisen
For me, I received this error while running as a non-root user:
对我来说,我在以非 root 用户身份运行时收到此错误:
Error: Cannot open an HTTP server: socket.error reported errno.EACCES (13)
This went away after I chowned the directory holding the sock file to that user.
在我将保存 sock 文件的目录归还给该用户后,这种情况就消失了。
In your case:
在你的情况下:
[unix_http_server]
file = /opt/run/supervisord.sock
Either chown username /opt/run/, or point the file to another directory that is owned by the user.
要么chown username /opt/run/,或将文件指向由用户拥有的另一个目录。
I learned this approach from this link.
我从这个链接学到了这种方法。
Additionally, my sysadmins installed an init.d script I wrote. The init.d script is run as root, but the script can get supervisord to start on myuserwith this command:
此外,我的系统管理员安装了我编写的 init.d 脚本。init.d 脚本以 root 身份运行,但脚本可以myuser使用以下命令启动 supervisord :
SUPERVISORD=/path/to/supervisord
PIDFILE=/path/to/supervisord.pid
OPTIONS='-c /path/to/supervisord.conf'
daemon --pidfile=$PIDFILE --user=myuser $SUPERVISORD $OPTIONS
回答by Kyan
You got:
你得到了:
Per my understanding, you got this CRIT message which is bothering you:
根据我的理解,您收到了这条困扰您的 CRIT 消息:
CRIT Supervisor running as root (no user in config file)
以 root 身份运行的 CRIT Supervisor(配置文件中没有用户)
The words in brackets is a clue. This message indicates that you may be running Supervisor as root unintentionally.
括号中的词是一个线索。此消息表明您可能无意中以 root 身份运行 Supervisor 。
Do this:
做这个:
So the solution is pretty simple: Tell Supervisor that you are doing this intentionally.
(in /etc/supervisor/supervisord.conf)
所以解决方案非常简单:告诉主管你是故意这样做的。
(在/etc/supervisor/supervisord.conf)
[supervisord]
user = root
Once you run Supervisord as root, it sets uid to the user you assigned, which is, root. (#308)
一旦您以 root 身份运行 Supervisord,它就会将 uid 设置为您分配的用户,即 root。(#308)
Not important:
不重要:
Although now you may get this message:
虽然现在您可能会收到此消息:
CRIT Set uid to user 0
CRIT 将 uid 设置为用户 0
No worries, this message should be a INFO level rather than a CRIT level. (#693)
不用担心,此消息应该是 INFO 级别而不是 CRIT 级别。(第693章)
