On 2/9/21 10:17 AM, rainbear@gmail.com wrote:
# service mailman3-web stop [....] Stopping Mailman3-web uWSGI service: mailman3-webstart-stop-daemon: matching on world-writable pidfile /run/mailman3-web/mailman3-web.pid is insecure
# ls -l /run/mailman3-web/mailman3-web.pid -rw-rw-rw- 1 root root 6 Feb 9 13:00 /run/mailman3-web/mailman3-web.pid
This would appear to be either a Debian or uWSGI issue. In my case, I use gunicorn as the WSGI interface to Django, and on the server that supports this list, I have
$ cat /etc/init/gunicorn.conf description "gunicorn for Mailman"
start on runlevel [2345] stop on runlevel [016]
respawn respawn limit 10 5
setuid mailman setgid mailman
chdir /opt/mailman/mm/
exec /opt/mailman/mm/bin/gunicorn -c /opt/mailman/mm/deployment/gunicorn.conf mailman_web.wsgi:application
$ cat /opt/mailman/mm/deployment/gunicorn.conf bind = ['127.0.0.1:8000'] proc_name = "mailman-web" chdir = "/opt/mailman/mm" pidfile = "/opt/mailman/mm/var/gunicorn.pid" accesslog = "/opt/mailman/mm/var/logs/access.log" errorlog = "/opt/mailman/mm/var/logs/error.log" #daemon = True workers = 4 # Increase timout to allow downloading large archive mboxes. # Note even 300 is not enough for the entire python-dev@python.org archive. # I added 'disallow: /*/export/' to robots.txt to try to stop crawlers. timeout = 120
$ ll /opt/mailman/mm/var/gunicorn.pid -rw-r--r-- 1 mailman mailman 6 Feb 7 00:13 /opt/mailman/mm/var/gunicorn.pid
Some other servers I manage use systemd rather than upstart, but the permissions on the PIP file are the same.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan