Your message dated Thu, 06 Oct 2016 19:06:06 +0000
with message-id <[email protected]>
and subject line Bug#762448: fixed in gunicorn 19.6.0-7
has caused the Debian Bug report #762448,
regarding gunicorn: Does not set supplementary groups when changing uid
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
762448: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762448
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gunicorn
Version: 0.14.5-3+deb7u1
Severity: normal
Tags: upstream patch
Dear Maintainer,
When setting a user for a gunicorn worker, gunicorn sets the uid of the process
but does not set the supplementary groups the user belongs to.
Please find a patch against upstream version 0.14.5 attached. The patch
addresses the problem by initializing the process groups using initgroups before
changing the uid.
Kind Regards,
Filippos
-- System Information:
Debian Release: 7.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/24 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=UTF-8 (charmap=UTF-8) (ignored: LC_ALL set
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages gunicorn depends on:
ii python 2.7.3-4+deb7u1
ii python-pkg-resources 0.6.24-1
ii python-setuptools 0.6.24-1
gunicorn recommends no packages.
Versions of packages gunicorn suggests:
ii python-gevent 0.13.6-1+nmu3
pn python-pastedeploy <none>
ii python-setproctitle 1.0.1-1+b1
pn python-tornado <none>
-- no debconf information
diff --git a/gunicorn/util.py b/gunicorn/util.py
index e919d53..bdf423b 100644
--- a/gunicorn/util.py
+++ b/gunicorn/util.py
@@ -14,6 +14,9 @@ except ImportError:
# Python on Solaris compiled with Sun Studio doesn't have ctypes
ctypes = None
+import errno
+import pwd
+import grp
import fcntl
import os
import pkg_resources
@@ -147,6 +150,22 @@ def set_owner_process(uid,gid):
os.setgid(-ctypes.c_int(-gid).value)
if uid:
+ username = None
+ try:
+ username = pwd.getpwuid(uid)[0]
+ except KeyError:
+ pass
+
+ if username is not None:
+ if not gid:
+ gid = os.getgid()
+
+ try:
+ os.initgroups(username, gid)
+ except OSError, e:
+ if e.errno != errno.EPERM:
+ raise
+
os.setuid(uid)
def chown(path, uid, gid):
--- End Message ---
--- Begin Message ---
Source: gunicorn
Source-Version: 19.6.0-7
We believe that the bug you reported is fixed in the latest version of
gunicorn, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lamb <[email protected]> (supplier of updated gunicorn package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 06 Oct 2016 19:52:41 +0100
Source: gunicorn
Binary: gunicorn gunicorn3 python-gunicorn python3-gunicorn gunicorn-examples
Architecture: source
Version: 19.6.0-7
Distribution: unstable
Urgency: medium
Maintainer: Chris Lamb <[email protected]>
Changed-By: Chris Lamb <[email protected]>
Description:
gunicorn - Event-based HTTP/WSGI server (Python 2 version)
gunicorn-examples - Event-based HTTP/WSGI server (examples)
gunicorn3 - Event-based HTTP/WSGI server (Python 3 version)
python-gunicorn - Event-based HTTP/WSGI server (Python 2 libraries)
python3-gunicorn - Event-based HTTP/WSGI server (Python 3 libraries)
Closes: 762448 839250
Changes:
gunicorn (19.6.0-7) unstable; urgency=medium
.
* Set supplementary groups when changing uid Thanks to Filippos Giannakos
<[email protected]>. (Closes: #762448)
* Add example systemd service to gunicorn-examples. (Closes: #839250)
* Add README.Debian to make it clearer what to do now that /etc/gunicorn.d
has been removed.
Checksums-Sha1:
8f0f90fcb6381b2850a5f3554465c66671552336 2112 gunicorn_19.6.0-7.dsc
40ea940ad680f23df2cc045386db7eec10406e60 11336 gunicorn_19.6.0-7.debian.tar.xz
Checksums-Sha256:
7fab1b05dce9c52672f490215e9f183d3dbbaf3e392f9f1ac85d1604f66b481a 2112
gunicorn_19.6.0-7.dsc
2bbb9fc9d01d7e148ed1c22545ef331c3d00f1f22767c693e569540a7d28c569 11336
gunicorn_19.6.0-7.debian.tar.xz
Files:
f3958f64d73a73b9b0ee92e2b9ff5301 2112 httpd optional gunicorn_19.6.0-7.dsc
7c3fb561dfa205f71e292c49a9a48d06 11336 httpd optional
gunicorn_19.6.0-7.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCAAGBQJX9p2UAAoJEB6VPifUMR5YOtMP/24vGGqyMj+d7lal9m4HvMO6
buf1HnLUTdfd644XEbjg71b4x79g7YcWwxPSqYa09+0V7GHD0oNdJgDBFPkxIQzm
sU97b8XoiKfLC7/n9utitZF9povamwbue6UIvB6yEkY1Spu/14ZHQfCbDk74hiKm
+lnj04+P2WI9ikopCd7FGQA0Af1H1YDlcFTjVT+PGGQKPdXPduyZ0jTElbZnLR/J
wsEKyjIz3KgFotVGV4qfEMtMlTIff9k02jB+uMwn5ow4SQlOiuJLQ1Z8GmvJdowk
YfC1LptQtLEJMumMj80gaheZ5rRuuom2i4BZygYufTeFtQzOi6STyVae6qRg3I6R
Q2eonQkxOrIy62aWnqMlV4onKPZVsQ77i4lcRrshHLAQiLAttRwijE0lqQuQ7V7B
eDMrAEAOuWW+DE6klUXwgqZXk9vk+xtSPtua6kj1fuc8Zobho1kaoNkzg8YVbHC6
Yju5e+axgyKAt31Pac2PTLAlqu0Heiq/sb0jj6Een9GHOfy8c7Ni8Vuz6XTw7OaR
B5S9pb4aYjc6n3cC3u03CpgEJTicZc9gQKCvvnpafWAWAODsT4fV3TiCwfZcO0Nv
RQOFQwqOBEbLfMNG7CCYKkpk1qav9I2qtjS9Mk7c5ZLJZvI/03ZbMRgt9X+qKiuV
T4MCvRgyGr0k2sHgJrws
=F2Qp
-----END PGP SIGNATURE-----
--- End Message ---
