15

I have used supervisor to manage a Gunicorn process running a Django site, though this question could pertain to anything being managed by supervisor. Previously I was the only person managing and using our server, and supervisor just ran as root and I would use sudo to run supervisorctl restart myapp when needed.

Now our server has to support multiple users working on different sites, and each project needs to be able to restart their own gunicorn processes without being able to restart other users' processes.

I followed this blog post:

http://drumcoder.co.uk/blog/2010/nov/24/running-supervisorctl-non-root/

and was able to allow non-root users to use supervisorctl, but now anyone can restart anyone else's processes. From the looks of it, supervisor doesn't have a way of doing per-user access control.

Anyone have any ideas on how to allow users to restart only their own processes without root?

EDIT: Some things we've thought about include writing a script owned by root with the suid bit set that contains nothing but supervisorctl restart myapp and putting it in the directory of the user who owns myapp. The internet seems to be saying that such a script is insecure if done wrongly. We also considered writing a custom daemon that listens for commands from specific users and restarts the supervisor process if the user has permission. This idea seems overly complicated if a simpler solution would work.

davidscolgan
  • 395
  • 2
  • 12

1 Answers1

35

You could use sudo in place of your custom script to accomplish the same thing. That is, given the default supervisord configuration, in which only root can run supervisorctl, you could put an entry like this into /etc/sudoers:

alice ALL = (root) NOPASSWD:/usr/bin/supervisorctl restart app1
bob ALL = (root) NOPASSWD:/usr/bin/supervisorctl restart app2

This would allow alice to run sudo /usr/bin/supervisorctl restart app1 as root without having to provide a password, and it would allow bob to restart app2.

larsks
  • 41,276
  • 13
  • 117
  • 170