[Flask] Uwsgi emperor socket creation permissions
Corey Boyle
coreybrett at gmail.com
Sat May 25 09:50:39 EDT 2019
So I am trying to setup Uwsgi / Emperor for multiple apps each running
under their own user account.
I have the Emperor running as root in tyrant mode, and it's starting
the vassels and running them with their own accounts.
The trouble I have is the permissions on the sockets created by the
vassels. If I set chmod-socket = 666 everything works fine. The socket
is created with the vassels user and group, but Nginx (and everyone
else) is able to read/write because of the world permissions.
I just don't think that's a good situation.
What I can't figure out is how to have the vassels create the sockit
with permissions that will allow the appuser(uwsgi) and Nginx to
read/write, but keep everyone else out.
I tried using chown-socket = appuser:www-data, but that doesn't work
because appuser is not a member of the www-data group and therefore
can't set is as group.
Any suggestions?
More information about the Flask
mailing list