Supervisor: Permession denied error when use supervisorctl
i am use supervisor + flask + gunicorn + virtalenv to deply my app, when i use supervisorctl, it shows me the error:
error:
this is supervisor.conf
[inet_http_server]
port=127.0.0.1:9001
username=xxx
password=xxxx
[supervisord]
logfile=/tmp/supervisord.log
logfile_maxbytes=10MB
logfile_backups=10
loglevel=info
pidfile=/tmp/supervisord.pid
user=wwwuser
[supervisorctl]
serverurl=http://127.0.0.1:9001
username=xxx
password=xxx
[program:xxxxxxxxx]
command=gunicorn -w 4 -k gevent -p /tmp/site.pid -b 127.0.0.1:6000 manage:app
process_name=%(program_name)s
numprocs=1
directory=/home/wwwuser/site
autostart=true
user=wwwuser
redirect_stderr=true
stdout_logfile=/tmp/site-out.log
stdout_logfile_maxbytes=1MB
stdout_logfile_backups=10
stderr_logfile=/tmp/site-err.log
stderr_logfile_maxbytes=1MB
stderr_logfile_backups=10
notedit
All 12 comments
+1
jtushman
on 11 Feb 2013
I'm also having this problem on ubuntu 12.04 when installing supervisor 3.0a8-1.1 via the system package manager. I create a simple program like in the tutorial: http://supervisord.org/running.html#adding-a-program
willperkins
on 23 Mar 2013
I chown'ed /tmp/supervisor.sock owner and solved this issue.
ernix
on 3 Apr 2013
in your supervisord.conf you can do something like the following
just make it writable for all
[unix_http_server]
file=/tmp/supervisor.sock ; (the path to the socket file)
chmod=0766 ; socket file mode (default 0700)
controll who actually owns the file
[unix_http_server]
file=/tmp/supervisor.sock ; (the path to the socket file)
chmod=0760 ; socket file mode (default 0700)
chown=myuser:group ; socket file uid:gid owner
this last one im not sure as i have not tested and i dont completely understand behavior here. I also dont care cause It doesnt look very safe:
[unix_http_server]
file=/tmp/supervisor.sock ; (the path to the socket file)
chmod=0700 ; socket file mode (default 0700)
username=root ; (default is no username (open server))
password=yourrootpassword ; (default is no password (open server))
yourilima
on 16 Apr 2013
I only had this issue if I wasn't logged in as root. So a normal sudo supervisorctl would solve the issue
jadjoubran
on 31 Jul 2014
Are we supposed to use supervisorctl with sudo?
karl-gustav
on 19 Nov 2014
meet it too!
zhao-ji
on 10 Jul 2015
While many of our readers will get away with running the command again with sudo, and succeeding, there is a better way! The permission error stems from access permissions to supervisord’s socket file, which by default is owned by root, and not writeable by other users. We can make supervisord chown and chmod the file to a particular user or group on startup, granting the user or group permission to stop and start the services we’ve configured without requiring sudo.
Let’s create a group, add ourselves to it by doing the following
groupadd supervisor
usermod -a -G supervisor
After logging-out/logging-in (so that the new group membership takes effect), edit the supervisord configuration file (/etc/supervisor/supervisor.conf) to make the unix_http_server section look as follows
[unix_http_server]
file=/var/run/supervisor.sock ; (the path to the socket file)
chmod=0770 ; socket file mode (default 0700)
chown=root:supervisor
Notice that we have chmod’ded the file to 0770 (writeable by owner and group), and chowned the file to root:supervisor, which will allow members of the supervisor group to make calls to supervisorctl. We must restart supervisord one last time
supervisorctl reload
or
sudo service supervisor restart
REF:
https://bixly.com/blog/supervisord-or-how-i-learned-to-stop-worrying-and-um-use-supervisord/
tawanda
on 19 Feb 2016
^ Works wonderfully!
Don't forget to add your username to the usermod command, though.
usermod -a <your-username> -G supervisor
For people like me who are new to Linux, you can get your current username with whoami
jdpigeon
on 19 Jan 2017
^ Works wonderfully!
Don't forget to add your username to the usermod command, though.
usermod -a <your-username> -G supervisorFor people like me who are new to Linux, you can get your current username with
whoami
and for aws linux ami
usermod -a -G supervisor ec2-user(or your username)
keniWilliamsEst
on 7 Jun 2019
For someone who still fails to use supervisorctl without root permission, you may check the permission of the directory which contains the sock file:
ls -ld /var/run/supervisor/
if you can't access to this directory, you should use chown or chmod as follows:
chown user:group /var/run/supervisor/
or
chmod 777 /var/run/supervisor/
neoli0222
on 5 Sep 2019
For me it helped to move the socket from /var/run/supervisord/supervisord.sock to something like /tmp/supervisord.sock and change the permissions to 766.
Even after changing the config to adjust the file permissions, the folder /var/run/supervisord/ still wasn't accessible for unprivileged users.
[unix_http_server]
;file=/var/run/supervisord/supervisord.sock ; default value
file=/tmp/supervisord.sock
chmod=0766
[supervisorctl]
;serverurl=unix:///var/run/supervisord/supervisord.sock ; default value
serverurl=unix:///tmp/supervisord.sock
fechnert
on 14 Jan 2021
Related issues
mnaberez
·
4Comments
ngton
·
4Comments
alexmnv
·
3Comments
cachvico
·
3Comments
eromoe
·
3Comments
Most helpful comment
in your supervisord.conf you can do something like the following
just make it writable for all
controll who actually owns the file
this last one im not sure as i have not tested and i dont completely understand behavior here. I also dont care cause It doesnt look very safe: