On 8/20/2019 2:44 PM, Peter Palfrader wrote:
> On Thu, 08 Aug 2019, Philipp Kern wrote:
>
>> Done, thanks #7892.
>> Sounds good, filed #7893 for that. Thanks!
>
> Seems that RT#7892 and RT#7893 have been resolved by Julien already.
> Yay.

Yeah, thanks very much. I have now put out [1]. Let's see how that goes.

>>> Then apache can easily launch your wsgi thing as a specific user and
>>> voila.
>>
>> Where should the socket live for that?
>
> Not sure that's a meaningful question if apache launches the process.

That was originally the big unknown for me, but yeah, that just worked as Apache keeps its parent around running as root anyway.

> It'd be configured similar to this:
>
> | WSGIDaemonProcess snapshot.debian.org user=nobody group=nogroup home=/
> processes=4 threads=9 maximum-requests=5000 inactivity-timeout=1800
> umask=0077 display-name=wsgi-snapshot.debian.org

Thanks for the pointer. I did figure this out by reading docs and ended up with this:

> WSGIDaemonProcess buildd.debian.org user=wbadm-web group=wbadm-web processes=2

If this requires adjustments from your side, feel free to do them yourself or tell me to change it. :)

Thanks for your help.

Kind regards
Philipp Kern

[1] https://debblog.philkern.de/2019/08/alpha-self-service-buildd-givebacks.html
