Your message dated Sun, 24 Mar 2013 22:17:39 +0000 with message-id <[email protected]> and subject line Bug#690500: fixed in gunicorn 0.14.5-3+deb7u1 has caused the Debian Bug report #690500, regarding gunicorn: setgroups - Operation not permitted to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 690500: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690500 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: gunicorn Version: 0.14.5-3 Severity: normal Hi! As of 0.14.5-3's use of setgroups, gunicorn can no longer be started by a non-root user: 2012-10-15 09:18:24 [26411] [DEBUG] Exception in worker process: Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/gunicorn/arbiter.py", line 459, in spawn_worker worker.init_process() File "/usr/lib/pymodules/python2.6/gunicorn/workers/base.py", line 81, in init_process util.set_owner_process(self.cfg.uid, self.cfg.gid) File "/usr/lib/pymodules/python2.6/gunicorn/util.py", line 150, in set_owner_process os.setgroups([]) OSError: [Errno 1] Operation not permitted It seems that when the 'user' setting isn't supplied, it is defaulted to geteuid, and set_owner_process is still (needlessly?) invoked. ISTM that the setgroups call only needs to occur when running as root... or that a resulting EPERM should be treated as non-fatal. Amusingly, this means I must currently trust gunicorn to start as root, which I had previously avoided. :) Thanks, Matthew -- System Information: Debian Release: 6.0.6 APT prefers stable APT policy: (900, 'stable'), (800, 'testing'), (400, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages gunicorn depends on: ii python 2.6.6-3+squeeze7 interactive high-level object-orie ii python-pkg-resources 0.6.14-4 Package Discovery and Resource Acc ii python-setuptools 0.6.14-4 Python Distutils Enhancements (set ii python-support 1.0.10 automated rebuilding support for P gunicorn recommends no packages. Versions of packages gunicorn suggests: pn python-gevent <none> (no description available) pn python-pastedeploy <none> (no description available) pn python-setproctitle <none> (no description available) pn python-tornado <none> (no description available) -- no debconf information
--- End Message ---
--- Begin Message ---Source: gunicorn Source-Version: 0.14.5-3+deb7u1 We believe that the bug you reported is fixed in the latest version of gunicorn, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jonathan Wiltshire <[email protected]> (supplier of updated gunicorn package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 23 Mar 2013 20:03:01 +0000 Source: gunicorn Binary: gunicorn Architecture: source all Version: 0.14.5-3+deb7u1 Distribution: testing-proposed-updates Urgency: low Maintainer: Chris Lamb <[email protected]> Changed-By: Jonathan Wiltshire <[email protected]> Description: gunicorn - Event-based HTTP/WSGI server Closes: 690079 690500 Changes: gunicorn (0.14.5-3+deb7u1) testing-proposed-updates; urgency=low . * Non-maintainer upload. * Backport updated patch 01-drop-supplemental-groups.diff from unstable to avoid exceptions when starting as a non-root user (Closes: #690500) * Properly migrate to dh_python2 (Closes: #690079) Checksums-Sha1: 1cbd501749a8c2625d9ae3884d34021e5e0849a5 1888 gunicorn_0.14.5-3+deb7u1.dsc a0b37c72ee93d6a38b5716d793c13060b3db6ebb 9654 gunicorn_0.14.5-3+deb7u1.debian.tar.gz e38f68fa157588ab63ede25bb21d76dfd5e4246a 113712 gunicorn_0.14.5-3+deb7u1_all.deb Checksums-Sha256: 38e227488899358ee5cb662215d35dea626d8f77fb9121d4daaf6b3d5120b2a1 1888 gunicorn_0.14.5-3+deb7u1.dsc 5ac2f74d4f0758e8fb47da80d81a44fae593386b9cff8052f195812b5f12ec54 9654 gunicorn_0.14.5-3+deb7u1.debian.tar.gz b67ade4c6c204d3d3b294e97213b66013ead83ae1f2840deffaaacdb4665ce96 113712 gunicorn_0.14.5-3+deb7u1_all.deb Files: 1bd2b5f43d293fbe20a4eba87edcbd7a 1888 python optional gunicorn_0.14.5-3+deb7u1.dsc 69092ed046ebbe175f09e08691e8bbe1 9654 python optional gunicorn_0.14.5-3+deb7u1.debian.tar.gz c0d21e15d13492aa1b8a3d8932cc2906 113712 python optional gunicorn_0.14.5-3+deb7u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJRThYQAAoJEFC7AtTIpr9halMQAKF9qpV986HoV2TrNdua5H6N BWZ/oalHYQZ4m2qV4wR1v0M6ULT7Umg3+tUBC1hXqvRhZqAlZVUSj7KKvSUv9BpK ZLNq+lkraJkY2bwmR/uR0eIjs4FLlEPW0xMy1Fj4e2dt3hS+mO7IujjuYFkWj3Ak ki9kuNbjPJm63xyTlx+nkCxvS4LwxMJBJRERYWi80jiqPUx/+X471dAc7daf3vy0 vRjSqsmlsE96vbcPeG0fQ6GFqcuW74tCIHaPcSF226jKjFa8PVzFzXE6jTOzv83F NFD5fr3ivJJsvvAilwXYx0lG8mBzNlfPaCtIc+6DYmJiI8F8L0gtiBTJcpUu2/jr rDSZ4i44eyjGbjkaMTXZQY7uNZXdVGZ25TohCyPLh9I3xAZTWoSkLZ5la5OPVU3B 8GwXHIEoiEbr1HnmmWDrt1BHNtDQwPKKvmhkpjNDizvOoqLmfCJGi6Ejwi2NMXoQ e/Q2m2sRVYPABBLB29RNDNMbq0+0p1eXmoDch8tKl7H6SDhXAw4YfoCX7DRPY/fo wtGVdPw4Cq9VAWY4ZPFoF08WuDeynVDRaaTF8mJXM3AQmZ3k/i58LgsCsU0qcngN EPAvCGxZQIP+bYZPzXEX9BuHHa4EP1KPnq4x1oMSzig0GuZ0PuXBPtgo/2b+jSLx 0U5OpHc0F0wWgVQPfIKH =lvUv -----END PGP SIGNATURE-----
--- End Message ---
