[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSO support for buildd.d.o / writing to wanna-build from www-data

On 8/20/2019 2:44 PM, Peter Palfrader wrote:
> On Thu, 08 Aug 2019, Philipp Kern wrote:
> 
>> Done, thanks #7892.
>> Sounds good, filed #7893 for that. Thanks!
> 
> Seems that RT#7892 and RT#7893 have been resolved by Julien already.
> Yay.

Yeah, thanks very much. I have now put out [1]. Let's see how that goes.

>>> Then apache can easily launch your wsgi thing as a specific user and
>>> voila.
>>
>> Where should the socket live for that?
> 
> Not sure that's a meaningful question if apache launches the process.

That was originally the big unknown for me, but yeah, that just worked
as Apache keeps its parent around running as root anyway.

> It'd be configured similar to this:
> 
> | WSGIDaemonProcess snapshot.debian.org user=nobody group=nogroup home=/ processes=4 threads=9 maximum-requests=5000 inactivity-timeout=1800 umask=0077 display-name=wsgi-snapshot.debian.org

Thanks for the pointer. I did figure this out by reading docs and ended
up with this:

> WSGIDaemonProcess buildd.debian.org user=wbadm-web group=wbadm-web processes=2

If this requires adjustments from your side, feel free to do them
yourself or tell me to change it. :)

Thanks for your help.

Kind regards
Philipp Kern

[1]
https://debblog.philkern.de/2019/08/alpha-self-service-buildd-givebacks.html
Reply to: