On Wed, 29 Aug 2018, at 11:04 PM, Jean-Paul Calderone wrote: > On Tue, Aug 28, 2018 at 5:54 AM Richard Shea > <rs...@thecubagroup.com> wrote:>> >> With Apache the process starts as root, reads the key and then makes >> the apache process run as a different, less powerful, user but I >> can't see how you can do the equivalent for twistd ? Am I overlooking >> something ?>> > > twistd has `--uid` and `--gid` options for switching to another user > after `privilegedStartService` runs. However, I'm not sure how much > help this will be since there is a strong desire to replace twistd > with twist and twist does not have these features. Perhaps someone > who has been working on twist can explain the preferred workflow using > that tool. Thanks. I had no idea that --uid/--gid did anything other than run entirely as that user/group. Unfortunately I'm using twistd to just run a wsgi app (Flask) and so, I assume, that whatever I provide as 'uid' / 'gid' to twistd will just be what it runs as . However i'm writing this without having had a chance to try it, maybe it reads the cert/key stuff as the user who started the process and then drops down to 'uid/'gid' ... like I way I haven't yet had a chance to try. Thanks for your reply.
> >> >> Thanks >> >> _______________________________________________ >> Twisted-Python mailing list >> Twisted-Python@twistedmatrix.com >> https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python > _________________________________________________ > Twisted-Python mailing list > Twisted-Python@twistedmatrix.com > https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
