uWSGI vassal not spawning with correct permissions
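I have a vassal that I would like to run as the cuckoo user. The vassal creates a socket that Nginx can read from and write to. Currently, the vassal will only spawn when the uwsgi user permissions are applied to the socket /var/run/cuckoo/cuckoo.sock. The problem arises when data is posted to Nginx and sent to the vassal to be written to the file system: the data is written with the uwsgi user's permissions instead of the cuckoo user's. Below are the respective configs. Any ideas on how to properly create a vassal and its respective socket with cuckoo permissions, so that data written through that process will be written as the cuckoo user?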
- CentOS Linux release 7.9.2009
- uwsgi-2.0.18-8.el7.x86_64
- uwsgi-plugin-common-2.0.18-8.el7.x86_64
- uwsgi-plugin-python2-2.0.18-8.el7.x86_64
/etc/uwsgi.ini
[uwsgi]
uid = uwsgi
gid = uwsgi
emperor = /etc/uwsgi.d
chmod-socket = 660
emperor-tyrant = true
cap = setgid,setuid
/etc/uwsgi.d/cuckoo.ini
[uwsgi]
socket = /var/run/cuckoo/cuckoo.sock
chmod-socket = 766
plugins = python
virtualenv = /opt/cuckoo/cuckoo-virtual-env
module = cuckoo.apps.api
callable = app
uid = cuckoo
gid = cuckoo
env = CUCKOO_APP=api
env = CUCKOO_CWD=/opt/cuckoo/cuckoo-working-dir
Socket permissions
$ ls -l /var/run/cuckoo/
total 0
srwxrw-rw-. 1 uwsgi uwsgi 0 Nov 5 13:47 cuckoo.sock
$ ls -l /run/uwsgi/
total 4
srw-rw----. 1 uwsgi uwsgi 0 Nov 5 13:47 stats.sock
-rw-r--r--. 1 uwsgi uwsgi 6 Nov 5 13:47 uwsgi.pid
Config permissions
$ ls -l /etc/uwsgi.*
-rw-r--r--. 1 uwsgi uwsgi 117 Nov 5 13:46 /etc/uwsgi.ini
/etc/uwsgi.d:
total 4
-rw-r--r--. 1 uwsgi uwsgi 288 Nov 5 04:22 cuckoo.ini
Since we're not attempting to host multiple applications, the workaround was to run uwsgi as the application user, in our case, the cuckoo user:
/etc/uwsgi.ini
[uwsgi]
uid = cuckoo
gid = cuckoo
emperor = /etc/uwsgi.d
chmod-socket = 660
emperor-tyrant = true
cap = setgid,setuid
And updated the config permissions:
$ ls -l /etc/uwsgi.*
-rw-r--r--. 1 cuckoo cuckoo 118 Nov 5 18:00 /etc/uwsgi.ini
/etc/uwsgi.d:
total 4
-rw-r--r--. 1 cuckoo cuckoo 270 Nov 5 17:54 cuckoo.ini
This allowed the vassal to spawn properly and Nginx could access the socket.
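An added example, not part of the original question or answer: with `emperor-tyrant = true`, the uWSGI documentation states that the Emperor runs each vassal with the UID/GID of the owner of its config file, which matches the listing in the question (cuckoo.ini owned by uwsgi, socket created as uwsgi). The sketch below audits a vassal ini for that mismatch and for a `chmod-socket` mode that sets bits for other users; `audit_vassal`, `owner_name` and the `file_owner` override are names assumed for this example, and the sample ini is constructed from the question's config.

```python
import configparser
import os
import pwd
import tempfile

def owner_name(uid):
    """Resolve a numeric uid to a user name; fall back to the number as text."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)

def audit_vassal(ini_path, file_owner=None):
    """Return findings for one vassal ini as seen under emperor-tyrant.

    file_owner overrides the on-disk owner (used for the constructed sample).
    """
    cfg = configparser.ConfigParser(strict=False, interpolation=None)
    cfg.read(ini_path)  # strict=False tolerates repeated keys such as env
    opts = cfg["uwsgi"]
    owner = file_owner or owner_name(os.stat(ini_path).st_uid)
    findings = []
    declared = opts.get("uid")
    if declared and declared.isdigit():
        declared = owner_name(int(declared))
    if declared and declared != owner:
        findings.append(f"uid={declared} not applied: tyrant mode uses file owner {owner}")
    mode = opts.get("chmod-socket")
    if mode and int(mode, 8) & 0o007:
        findings.append(f"chmod-socket={mode} sets permission bits for other users")
    return findings

# Constructed sample: the vassal config shown in the question (abridged).
SAMPLE = """[uwsgi]
socket = /var/run/cuckoo/cuckoo.sock
chmod-socket = 766
uid = cuckoo
gid = cuckoo
env = CUCKOO_APP=api
env = CUCKOO_CWD=/opt/cuckoo/cuckoo-working-dir
"""

def demo():
    """Audit the sample as owned by uwsgi (question) and by cuckoo (answer)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "cuckoo.ini")
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        return audit_vassal(path, file_owner="uwsgi"), audit_vassal(path, file_owner="cuckoo")

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Run against real files by calling `audit_vassal("/etc/uwsgi.d/cuckoo.ini")` without `file_owner`, so the owner is read from disk.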