New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Permession denied error when use supervisorctl #173

Closed
notedit opened this Issue Nov 26, 2012 · 9 comments

Comments

10 participants
@notedit

notedit commented Nov 26, 2012

i am use supervisor + flask + gunicorn + virtalenv to deply my app, when i use supervisorctl, it shows me the error:

error: <class 'socket.error'>, [Errno 13] Permission denied: file: /usr/lib/python2.7/socket.py line: 224

this is supervisor.conf

[inet_http_server]
port=127.0.0.1:9001
username=xxx
password=xxxx

[supervisord]
logfile=/tmp/supervisord.log
logfile_maxbytes=10MB
logfile_backups=10
loglevel=info
pidfile=/tmp/supervisord.pid
user=wwwuser

[supervisorctl]
serverurl=http://127.0.0.1:9001
username=xxx
password=xxx

[program:xxxxxxxxx]
command=gunicorn -w 4 -k gevent -p /tmp/site.pid -b 127.0.0.1:6000 manage:app
process_name=%(program_name)s
numprocs=1
directory=/home/wwwuser/site
autostart=true
user=wwwuser
redirect_stderr=true
stdout_logfile=/tmp/site-out.log
stdout_logfile_maxbytes=1MB
stdout_logfile_backups=10
stderr_logfile=/tmp/site-err.log
stderr_logfile_maxbytes=1MB
stderr_logfile_backups=10

@jtushman

This comment has been minimized.

Show comment
Hide comment
@jtushman

jtushman commented Feb 11, 2013

+1

@willperkins

This comment has been minimized.

Show comment
Hide comment
@willperkins

willperkins Mar 23, 2013

I'm also having this problem on ubuntu 12.04 when installing supervisor 3.0a8-1.1 via the system package manager. I create a simple program like in the tutorial: http://supervisord.org/running.html#adding-a-program

willperkins commented Mar 23, 2013

I'm also having this problem on ubuntu 12.04 when installing supervisor 3.0a8-1.1 via the system package manager. I create a simple program like in the tutorial: http://supervisord.org/running.html#adding-a-program

@ernix

This comment has been minimized.

Show comment
Hide comment
@ernix

ernix Apr 3, 2013

I chown'ed /tmp/supervisor.sock owner and solved this issue.

ernix commented Apr 3, 2013

I chown'ed /tmp/supervisor.sock owner and solved this issue.

@yourilima

This comment has been minimized.

Show comment
Hide comment
@yourilima

yourilima Apr 16, 2013

in your supervisord.conf you can do something like the following

just make it writable for all

[unix_http_server]
file=/tmp/supervisor.sock   ; (the path to the socket file)
chmod=0766                 ; socket file mode (default 0700)

controll who actually owns the file

[unix_http_server]
file=/tmp/supervisor.sock   ; (the path to the socket file)
chmod=0760                 ; socket file mode (default 0700)
chown=myuser:group       ; socket file uid:gid owner

this last one im not sure as i have not tested and i dont completely understand behavior here. I also dont care cause It doesnt look very safe:

[unix_http_server]
file=/tmp/supervisor.sock   ; (the path to the socket file)
chmod=0700                ; socket file mode (default 0700)
username=root              ; (default is no username (open server))
password=yourrootpassword               ; (default is no password (open server))

yourilima commented Apr 16, 2013

in your supervisord.conf you can do something like the following

just make it writable for all

[unix_http_server]
file=/tmp/supervisor.sock   ; (the path to the socket file)
chmod=0766                 ; socket file mode (default 0700)

controll who actually owns the file

[unix_http_server]
file=/tmp/supervisor.sock   ; (the path to the socket file)
chmod=0760                 ; socket file mode (default 0700)
chown=myuser:group       ; socket file uid:gid owner

this last one im not sure as i have not tested and i dont completely understand behavior here. I also dont care cause It doesnt look very safe:

[unix_http_server]
file=/tmp/supervisor.sock   ; (the path to the socket file)
chmod=0700                ; socket file mode (default 0700)
username=root              ; (default is no username (open server))
password=yourrootpassword               ; (default is no password (open server))
@jadjoubran

This comment has been minimized.

Show comment
Hide comment
@jadjoubran

jadjoubran Jul 31, 2014

I only had this issue if I wasn't logged in as root. So a normal sudo supervisorctl would solve the issue

jadjoubran commented Jul 31, 2014

I only had this issue if I wasn't logged in as root. So a normal sudo supervisorctl would solve the issue

@karl-gustav

This comment has been minimized.

Show comment
Hide comment
@karl-gustav

karl-gustav Nov 19, 2014

Are we supposed to use supervisorctl with sudo?

karl-gustav commented Nov 19, 2014

Are we supposed to use supervisorctl with sudo?

@zhao-ji

This comment has been minimized.

Show comment
Hide comment
@zhao-ji

zhao-ji Jul 10, 2015

meet it too!

zhao-ji commented Jul 10, 2015

meet it too!

@tawanda

This comment has been minimized.

Show comment
Hide comment
@tawanda

tawanda Feb 19, 2016

While many of our readers will get away with running the command again with sudo, and succeeding, there is a better way! The permission error stems from access permissions to supervisord’s socket file, which by default is owned by root, and not writeable by other users. We can make supervisord chown and chmod the file to a particular user or group on startup, granting the user or group permission to stop and start the services we’ve configured without requiring sudo.

Let’s create a group, add ourselves to it by doing the following

groupadd supervisor
usermod -a -G supervisor

After logging-out/logging-in (so that the new group membership takes effect), edit the supervisord configuration file (/etc/supervisor/supervisor.conf) to make the unix_http_server section look as follows

[unix_http_server]
file=/var/run/supervisor.sock ; (the path to the socket file)
chmod=0770 ; socket file mode (default 0700)
chown=root:supervisor

Notice that we have chmod’ded the file to 0770 (writeable by owner and group), and chowned the file to root:supervisor, which will allow members of the supervisor group to make calls to supervisorctl. We must restart supervisord one last time

supervisorctl reload

or

sudo service supervisor restart

REF:

https://bixly.com/blog/supervisord-or-how-i-learned-to-stop-worrying-and-um-use-supervisord/

tawanda commented Feb 19, 2016

While many of our readers will get away with running the command again with sudo, and succeeding, there is a better way! The permission error stems from access permissions to supervisord’s socket file, which by default is owned by root, and not writeable by other users. We can make supervisord chown and chmod the file to a particular user or group on startup, granting the user or group permission to stop and start the services we’ve configured without requiring sudo.

Let’s create a group, add ourselves to it by doing the following

groupadd supervisor
usermod -a -G supervisor

After logging-out/logging-in (so that the new group membership takes effect), edit the supervisord configuration file (/etc/supervisor/supervisor.conf) to make the unix_http_server section look as follows

[unix_http_server]
file=/var/run/supervisor.sock ; (the path to the socket file)
chmod=0770 ; socket file mode (default 0700)
chown=root:supervisor

Notice that we have chmod’ded the file to 0770 (writeable by owner and group), and chowned the file to root:supervisor, which will allow members of the supervisor group to make calls to supervisorctl. We must restart supervisord one last time

supervisorctl reload

or

sudo service supervisor restart

REF:

https://bixly.com/blog/supervisord-or-how-i-learned-to-stop-worrying-and-um-use-supervisord/

@jdpigeon

This comment has been minimized.

Show comment
Hide comment
@jdpigeon

jdpigeon Jan 19, 2017

^ Works wonderfully!

Don't forget to add your username to the usermod command, though.

usermod -a <your-username> -G supervisor

For people like me who are new to Linux, you can get your current username with whoami

jdpigeon commented Jan 19, 2017

^ Works wonderfully!

Don't forget to add your username to the usermod command, though.

usermod -a <your-username> -G supervisor

For people like me who are new to Linux, you can get your current username with whoami

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment