On Mar 27, 2013 10:54 AM, "Guido Berhoerster" <[email protected]> wrote: > * Roberto De Ioris <[email protected]> [2013-03-27 15:26]: > > > > i understand the problem (expecially when you copy the vassals to remote > > nodes). What about using alternative storages for configs ? For example > > storing in postgresql is an handy way (at least for me). > > That would be overkill in my case and it's not a huge problem. > Thinking about it, would it be possible to determine file > ownership in tyrant mode through lstat rather than stat? I > suppose that would allow something like using > --emperor='/home/*/uwsgi.ini' --emperor-tyrant safely? Currently > it is a bit ugly that one has to create a root-owned container > directory somewhere for vassal configuration files since one > usually does not want user-owned files in /etc.
IMO /etc is for static/global/infrequently updates system-level config, not for applications or dynamic config... eg. /etc might contain the emperor config only. Other/[var]iable config belong to /var[/lib], esp. considering the growing interest in achieving readonly /etc by default (as driven by systemd). I would second the suggestion to make use of an alternate config provider (the zmq one is especially useful), or possibly using a sticky-bit directories + 0600 configfile perms... alas, the lstat() solution sounds pretty solid though, in lieu of something superior, like an zmq/https provider. -- C Anthony
_______________________________________________ uWSGI mailing list [email protected] http://lists.unbit.it/cgi-bin/mailman/listinfo/uwsgi
