[Twisted-Python] automating startup of twistd application.

Syver Enstad syver-en at online.no
Fri Jan 2 18:00:07 EST 2004

Jp Calderone <exarkun at intarweb.us> writes:

> On Fri, Jan 02, 2004 at 12:55:12PM +0100, Syver Enstad wrote:

>> Because I want to do some automatic maintenace tasks I need to be
>> able to start and stop the daemon from a script. Unfortunately I
>> have little knowledge of Linux and the twistd daemon/application and
>> need some input on how to attack this problem.

> Requiring the passphrase to decrypt the SSL certificate is a measure
> of security.  It makes it more difficult for attackers to trick your
> users into thinking the attacker is you, by rendering the
> certificate useless in the absense of the passphrase.  If the
> passphrase is sitting in a plaintext file somewhere, waiting to be
> used by the script that restarts your daemon, this security is
> negated - attackers need now only read the script in addition to
> copying the certificate.  If the passphrase is stored encrypted,
> then this could be avoided, but then you would have to type in a
> passphrase to decrypt that.  Of course, you could store that
> passphrase in a file....  Hopefully you see where this is leading.

Yes, I think that I am throughly hosed anyway if someone gets access
to the filesystem on the machine in question.

>   Hope this helps,

Yes, thanks. The security aspects of it is certainly interesting and
important. Where should I look to find out how to automate startup of
the twistd daemon so that it doesn't prompt for the root password?


Syver Enstad

More information about the Twisted-Python mailing list