uWSGI vassal not spawning with the correct permissions

Problem description

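I have a vassal that I want to run as the cuckoo user. The vassal creates a socket that Nginx can read from and write to. Currently, the vassal only spawns when uwsgi user permissions are applied to the socket /var/run/cuckoo/cuckoo.sock. The problem is that when data is posted to Nginx and sent to the vassal to be written to the filesystem, it is written with uwsgi rather than cuckoo user permissions. Below are the respective configurations. Any ideas on how to properly create the vassal and its socket with cuckoo permissions, so that data written by the process is written as the cuckoo user?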

/etc/uwsgi.ini

[uwsgi]
uid = uwsgi
gid = uwsgi
emperor = /etc/uwsgi.d
chmod-socket = 660
emperor-tyrant = true
cap = setgid,setuid

/etc/uwsgi.d/cuckoo.ini

[uwsgi]
socket = /var/run/cuckoo/cuckoo.sock
chmod-socket = 766
plugins = python
virtualenv = /opt/cuckoo/cuckoo-virtual-env
module = cuckoo.apps.api
callable = app
uid = cuckoo
gid = cuckoo
env = CUCKOO_APP=api
env = CUCKOO_CWD=/opt/cuckoo/cuckoo-working-dir

Socket permissions

$ ls -l /var/run/cuckoo/
total 0
srwxrw-rw-. 1 uwsgi uwsgi 0 Nov  5 13:47 cuckoo.sock
$ ls -l /run/uwsgi/
total 4
srw-rw----. 1 uwsgi uwsgi 0 Nov  5 13:47 stats.sock
-rw-r--r--. 1 uwsgi uwsgi 6 Nov  5 13:47 uwsgi.pid

Config permissions

$ ls -l /etc/uwsgi.*
-rw-r--r--. 1 uwsgi uwsgi  117 Nov  5 13:46 /etc/uwsgi.ini

/etc/uwsgi.d:
total 4
-rw-r--r--. 1 uwsgi uwsgi 288 Nov  5 04:22 cuckoo.ini

Tags: linux, sockets, permissions, uwsgi

Solution


Since we are not trying to host multiple applications, the workaround was to run uwsgi as the application user, in our case the cuckoo user:

/etc/uwsgi.ini

[uwsgi]
uid = cuckoo
gid = cuckoo
emperor = /etc/uwsgi.d
chmod-socket = 660
emperor-tyrant = true
cap = setgid,setuid

And updated the config permissions:

$ ls -l /etc/uwsgi.*
-rw-r--r--. 1 cuckoo cuckoo  118 Nov  5 18:00 /etc/uwsgi.ini

/etc/uwsgi.d:
total 4
-rw-r--r--. 1 cuckoo cuckoo 270 Nov  5 17:54 cuckoo.ini

This allows the vassal to spawn correctly, and Nginx can access the socket.
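
An added example, not part of the original question or answer: with emperor-tyrant enabled, uWSGI documents that the Emperor runs each vassal under the uid/gid that owns the vassal's config file, so the owners in the listings above decide the identity, not only the uid/gid lines in the ini. The sketch below uses hypothetical helper names (read_ini, audit_vassal) to check a vassal file for that mismatch and for a chmod-socket mode that opens the socket to "other".

```python
import grp, os, pwd, stat

def _name(lookup, ident):
    """Resolve a numeric id to a name; fall back to the number if unknown."""
    try:
        return lookup(ident)[0]
    except KeyError:
        return str(ident)

def read_ini(path):
    """Parse a uWSGI ini; repeated keys (e.g. env) are kept as lists."""
    opts = {}
    with open(path) as fh:
        for line in fh:
            line = line.strip()
            if not line or line[0] in "#;[" or "=" not in line:
                continue
            key, value = (p.strip() for p in line.split("=", 1))
            opts.setdefault(key, []).append(value)
    return opts

def audit_vassal(path):
    """Return findings for one vassal config, assuming emperor-tyrant is on."""
    st = os.stat(path)
    opts = read_ini(path)
    owners = {"uid": (_name(pwd.getpwuid, st.st_uid), st.st_uid),
              "gid": (_name(grp.getgrgid, st.st_gid), st.st_gid)}
    findings = []
    for key, (name, ident) in owners.items():
        wanted = opts.get(key, [name])[-1]
        if wanted not in (name, str(ident)):
            findings.append(f"{key}: ini asks for {wanted}, file owner is {name}")
    # Whoever can edit the file controls what runs as its owner.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("config file is group- or world-writable")
    for mode in opts.get("chmod-socket", []):
        if int(mode, 8) & 0o007:
            findings.append(f"chmod-socket = {mode} opens the socket to 'other'")
    return findings

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        for finding in audit_vassal(path):
            print(f"{path}: {finding}")
```

Run against /etc/uwsgi.d/cuckoo.ini as listed in the question (owned by uwsgi:uwsgi, uid/gid = cuckoo, chmod-socket = 766), it would report all three conditions.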

