Re: SSO support for buildd.d.o / writing to wanna-build from www-data
On 8/20/2019 2:44 PM, Peter Palfrader wrote:
> On Thu, 08 Aug 2019, Philipp Kern wrote:
>
>> Done, thanks #7892.
>> Sounds good, filed #7893 for that. Thanks!
>
> Seems that RT#7892 and RT#7893 have been resolved by Julien already.
> Yay.
Yeah, thanks very much. I have now put out [1]. Let's see how that goes.
>>> Then apache can easily launch your wsgi thing as a specific user and
>>> voila.
>>
>> Where should the socket live for that?
>
> Not sure that's a meaningful question if apache launches the process.
That was originally the big unknown for me, but yeah, that just worked
as Apache keeps its parent around running as root anyway.
> It'd be configured similar to this:
>
> | WSGIDaemonProcess snapshot.debian.org user=nobody group=nogroup home=/ processes=4 threads=9 maximum-requests=5000 inactivity-timeout=1800 umask=0077 display-name=wsgi-snapshot.debian.org
Thanks for the pointer. I did figure this out by reading docs and ended
up with this:
> WSGIDaemonProcess buildd.debian.org user=wbadm-web group=wbadm-web processes=2
If this requires adjustments from your side, feel free to do them
yourself or tell me to change it. :)
Thanks for your help.
Kind regards
Philipp Kern
[1]
https://debblog.philkern.de/2019/08/alpha-self-service-buildd-givebacks.html
Reply to: