CRIT Can't drop privilege as nonroot user #695
Comments
You have run You can comment out |
|
Hang on, the docs do not say this is an invalid configuration, quite the opposite. "This value has no effect if supervisord is not run as root" Therefore it should not attempt to switch user and not generate a CRIT message. I believe this issue has been closed incorrectly. |
|
I think the existing behavior is much more sane than just ignoring it would be. You asked to switch users by specifying It would be fine to clarify the docs to mention the log message, so I'll leave this open as a docs issue. |
|
This isn't a docs issue. The logical extension of what you're saying is that supervisord cannot be configured to be able to run as root and non-root. I don't think this is either intended or desirable. Why cripple functionality like that? The real problem here is that supervisord is running wrong code path. It should not attempt to change user and should simply ignore user= when running as non-root, as per the docs. |
I can't see where you are coming from with this statement. If you started
Running the wrong code path would be trying to |
|
What I mean is that what if you want to be able to run supervisord as root and non-root without configuration changes. The docs are clear that this is possible. "This value has no effect if supervisord is not run as root" There is no way this should be CRIT message. |
|
Sorry but I'm not going to keep going around and around on this. I'm fine admitting the docs aren't perfect and can make an update to clarify that it logs this message. Your configuration file asked it to switch users, it can't because it's not root, so it logged the message saying it can't do what you asked. I'm not going to change that. |
|
Well at least don't make it a CRIT. This doesn't require "immediate user attention". The product is working as designed |
* upstream/master: (61 commits) Fix a typo Merge pull request Supervisor#703 from gudata/patch-1 Add pypy3 to tox.ini and .travis.yml Use `make html` to build the docs under tox Fix package name for Sphinx Fix import for Mock Add docs to travis build Test that doc building + readme are correct Add Supervisor 3.2.0 release date to Supervisor 4 changelog Fix system.multicall() broken by faster start/stop patch In past versions, startProcess() and stopProcess() would always return a callback. 50d1857 changed this so they may return either a callback or a bool, but the code that handles system.multicall() was not updated. If multicall was used with stopProcess() followed by startProcess(), it would try to start the process before it had finished stopping. This broke the restart process link on the web interface. Added supervisor_checks to the docs. Fix typo in docs Clarify behavior of user= option. Closes Supervisor#695 Fix start/stop buttons on web broken by faster start/stop patch In past versions, startProcess() and stopProcess() would always return a callback. 50d1857 changed this so they may return either a callback or a bool, but the web interface was not updated. Show error messages when clearing a log on the web interface Move code for start and stop actions near each other Show errors when stopping a process on the web interface Show string description for unexpected faults Show all error messages in TailView. Fixes Supervisor#627 Implement __str__ so code and text of RPCError are logged This is helpful for troubleshooting issues like Supervisor#627 where the traceback doesn't show the contents of the RPCError. ...
(cherry picked from commit 5bfb269)
If I understand correctly, this is being generated because supervisord is started as a non-root user and the user parameter is specified in the config file.
As per the documentation:
user
If supervisord is run as the root user, switch users to this UNIX user account before doing any meaningful processing. This value has no effect if supervisord is not run as root.
If run as a non-root user, this parameter should not then cause a CRIT message in the logs when supervisord is working as designed.
The text was updated successfully, but these errors were encountered: