Supervisor process permission management

Symptom

Port 541 cannot be opened for listening because an ordinary user cannot bind ports below 1024; only the root user has that permission.

Changing the Supervisor startup user

The fix is to run the supervisord process as the root user instead of as an ordinary user.

#Hansight Enterprise supervisor config file.

[unix_http_server]
file=/app/taishi/tmp/supervisor.sock ; (the path to the socket file)
chown=admin

[inet_http_server] ; inet (TCP) server disabled by default
port=*:9001 ; (ip_address:port specifier, *:port for all iface)
;username=user ; (default is no username (open server))
;password=123 ; (default is no password (open server)

[supervisord]
logfile=/app/taishi/logs/supervisord.log ; (main log file;default $CWD/supervisord.log)
logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB)
logfile_backups=10 ; (num of main logfile rotation backups;default 10)
loglevel=info ; (log level;default info; others: debug,warn,trace)
pidfile=/app/taishi/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
nodaemon=false ; (start in foreground if true;default false)
user=admin ; (default is current user, required if root)
minfds=655350 ; (min. avail startup file descriptors; default 1024)
minprocs=655350 ; (min. avail process descriptors; default 200)
;umask=022 ; (process file creation umask;default 022)
;user=hansight ; (default is current user, required if root)
;identifier=supervisor ; (supervisord identifier, default is 'supervisor')
;directory=/tmp ; (default is not to cd during start)
;nocleanup=true ; (don't clean up tempfiles at start;default false)
;childlogdir=/tmp ; ('AUTO' child log dir, default $TEMP)
;environment=KEY="value" ; (key value pairs to add to environment)
;strip_ansi=false ; (strip ansi escape codes in logs; def. false)

[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

[supervisorctl]
serverurl=unix:///app/taishi/tmp/supervisor.sock ; use a unix:// URL for a unix socket

[include]
files=/app/taishi/etc/supervisord/*.ini

The configuration above runs supervisord as an ordinary user (user=admin).

#Hansight Enterprise supervisor config file.

[unix_http_server]
file=/app/taishi/supervisor.sock ; (the path to the socket file)
chown=root

[inet_http_server] ; inet (TCP) server disabled by default
port=*:9001 ; (ip_address:port specifier, *:port for all iface)
;username=user ; (default is no username (open server))
;password=123 ; (default is no password (open server)

[supervisord]
logfile=/app/taishi/logs/supervisord.log ; (main log file;default $CWD/supervisord.log)
logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB)
logfile_backups=10 ; (num of main logfile rotation backups;default 10)
loglevel=info ; (log level;default info; others: debug,warn,trace)
pidfile=/app/taishi/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
nodaemon=false ; (start in foreground if true;default false)
user=root ; (default is current user, required if root)
minfds=655350 ; (min. avail startup file descriptors; default 1024)
minprocs=655350 ; (min. avail process descriptors; default 200)
;umask=022 ; (process file creation umask;default 022)
;user=hansight ; (default is current user, required if root)
;identifier=supervisor ; (supervisord identifier, default is 'supervisor')
;directory=/tmp ; (default is not to cd during start)
;nocleanup=true ; (don't clean up tempfiles at start;default false)
;childlogdir=/tmp ; ('AUTO' child log dir, default $TEMP)
;environment=KEY="value" ; (key value pairs to add to environment)
;strip_ansi=false ; (strip ansi escape codes in logs; def. false)

[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

[supervisorctl]
serverurl=unix:///app/taishi/supervisor.sock ; use a unix:// URL for a unix socket

[include]
files=/app/taishi/etc/supervisord/*.ini

The configuration above runs supervisord as the root user (user=root).
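Switching to user=root while [inet_http_server] stays on *:9001 with username and password commented out leaves a root-owned process manager reachable without credentials. The check below is an added example, not code from the original page or from the Supervisor project: it flags that combination, and also values that swallowed an inline comment because the space Supervisor requires before ";" is missing. The function name audit_supervisord and the sample text are constructed for illustration, and Python's configparser is assumed to be a close enough stand-in for Supervisor's own parser.

```python
import configparser

# Constructed sample mirroring the root configuration on this page (trimmed).
SAMPLE_ROOT_CONF = """\
[unix_http_server]
file=/app/taishi/supervisor.sock ; (the path to the socket file)
chown=root

[inet_http_server]
port=*:9001 ; (ip_address:port specifier, *:port for all iface)
;username=user
;password=123

[supervisord]
user=root ; (default is current user, required if root)
"""

def audit_supervisord(conf_text):
    """Return a list of findings for a supervisord.conf passed in as text."""
    # Inline comments are only recognised when ';' follows whitespace.
    cp = configparser.RawConfigParser(inline_comment_prefixes=(";", "#"))
    cp.read_string(conf_text)
    findings = []
    # A ';' left inside a value means the comment was parsed as part of it.
    for section in cp.sections():
        for key, value in cp.items(section):
            if ";" in value:
                findings.append(f"{section}.{key}: comment parsed as part of value")
    runs_as_root = cp.get("supervisord", "user", fallback="") == "root"
    if cp.has_section("inet_http_server"):
        port = cp.get("inet_http_server", "port", fallback="")
        host = port.rpartition(":")[0]
        has_auth = (cp.has_option("inet_http_server", "username")
                    and cp.has_option("inet_http_server", "password"))
        # ':9001' and '*:9001' both mean every interface.
        all_ifaces = host in ("", "*", "0.0.0.0")
        if not has_auth:
            findings.append("inet_http_server: no username/password (open server)")
        if all_ifaces:
            findings.append("inet_http_server: listens on all interfaces")
        if runs_as_root and not has_auth and all_ifaces:
            findings.append("root supervisord controllable by any network peer")
    return findings
```

A configuration that binds the HTTP server to 127.0.0.1 with a username and password set, or removes the [inet_http_server] section and relies on the unix socket, returns no findings.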

If supervisord is started directly without passing the relevant parameters, the startup will fail.

Only if the supervisord process itself is started by root can the processes it manages be started as the root user.

Supervisor restarts normally

other problems