[Twisted-Python] Using twistd with -c option causes permission error

Richard Shea rshea at thecubagroup.com
Thu Aug 30 17:41:55 MDT 2018


On Wed, 29 Aug 2018, at 11:04 PM, Jean-Paul Calderone wrote:
> On Tue, Aug 28, 2018 at 5:54 AM Richard Shea
> <rshea at thecubagroup.com> wrote:>> 
>> With Apache the process starts as root, reads the key and then makes
>> the apache process run as a different, less powerful, user  but I
>> can't see how you can do the equivalent for twistd ? Am I overlooking
>> something ?>> 
> 
> twistd has `--uid` and `--gid` options for switching to another user
> after `privilegedStartService` runs.  However, I'm not sure how much
> help this will be since there is a strong desire to replace twistd
> with twist and twist does not have these features.  Perhaps someone
> who has been working on twist can explain the preferred workflow using
> that tool.
Thanks. I had no idea that --uid/--gid did anything other than run
entirely as that user/group.
Unfortunately I'm using twistd to just run a wsgi app (Flask) and so, I
assume, that whatever I provide as 'uid' / 'gid' to twistd will just be
what it runs as .
However i'm writing this without having had a chance to try it, maybe
it reads the cert/key stuff as the user who started the process and
then drops down to 'uid/'gid' ... like I way I haven't yet had a
chance to try.
Thanks for your reply.


>  
>> 
>> Thanks
>> 
>>  _______________________________________________
>>  Twisted-Python mailing list
>> Twisted-Python at twistedmatrix.com
>> https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
> _________________________________________________
> Twisted-Python mailing list
> Twisted-Python at twistedmatrix.com
> https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20180831/b58afee0/attachment-0002.html>


More information about the Twisted-Python mailing list