I have used supervisor to manage a Gunicorn process running a Django site, though this question could pertain to anything being managed by supervisor. Previously I was the only person managing and using our server, and supervisor just ran as root and I would use sudo to run supervisorctl restart myapp
when needed.
Now our server has to support multiple users working on different sites, and each project needs to be able to restart their own gunicorn processes without being able to restart other users' processes.
I followed this blog post:
http://drumcoder.co.uk/blog/2010/nov/24/running-supervisorctl-non-root/
and was able to allow non-root users to use supervisorctl, but now anyone can restart anyone else's processes. From the looks of it, supervisor doesn't have a way of doing per-user access control.
Anyone have any ideas on how to allow users to restart only their own processes without root?
EDIT: Some things we've thought about include writing a script owned by root with the suid bit set that contains nothing but supervisorctl restart myapp
and putting it in the directory of the user who owns myapp
. The internet seems to be saying that such a script is insecure if done wrongly. We also considered writing a custom daemon that listens for commands from specific users and restarts the supervisor process if the user has permission. This idea seems overly complicated if a simpler solution would work.
You could use
sudo
in place of your custom script to accomplish the same thing. That is, given the defaultsupervisord
configuration, in which only root can runsupervisorctl
, you could put an entry like this into/etc/sudoers
:This would allow
alice
to runsudo /usr/bin/supervisorctl restart app1
as root without having to provide a password, and it would allowbob
to restartapp2
.