On Tue, Aug 28, 2018 at 5:54 AM Richard Shea <rshea@thecubagroup.com> wrote:>>
With Apache the process starts as root, reads the key and then makes the apache process run as a different, less powerful, user but I can't see how you can do the equivalent for twistd ? Am I overlooking something ?>>
twistd has `--uid` and `--gid` options for switching to another user after `privilegedStartService` runs. However, I'm not sure how much help this will be since there is a strong desire to replace twistd with twist and twist does not have these features. Perhaps someone who has been working on twist can explain the preferred workflow using that tool. Thanks. I had no idea that --uid/--gid did anything other than run entirely as that user/group. Unfortunately I'm using twistd to just run a wsgi app (Flask) and so, I assume, that whatever I provide as 'uid' / 'gid' to twistd will just be what it runs as . However i'm writing this without having had a chance to try it, maybe it reads the cert/key stuff as the user who started the process and
On Wed, 29 Aug 2018, at 11:04 PM, Jean-Paul Calderone wrote: then drops down to 'uid/'gid' ... like I way I haven't yet had a chance to try. Thanks for your reply.
Thanks
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
_________________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python