[Buildbot-devel] How to not run as root?

Alexander Staubo alex at byzantine.no
Mon Nov 8 23:44:54 UTC 2004


Creating the .tap file as the desired user worked perfectly. Thank you 
very much.

Alexander.

Brian Warner wrote:
>>I don't know Twisted at all, so forgive me if this is an obvious question.
> 
> 
> No worries.. having the 'twistd' launcher-program change uids for you is one
> of the weirder parts, so very little about it is obvious :).
> 
> 
>>I am setting up BuildBot, but I want both the master and slaves to run 
>>as a specific user: primarily for security reasons, but also because the 
>>build/test process needs to run as a certain user account.
> 
> 
> Sounds good. Nothing about the buildbot itself requires any particular user
> to run, but of course your build process will have its own requirements.
> There's no reason why it should need root privileges.
> 
> 
>>However, if I try running the master with:
>>
>>$ su buildbot -c 'buildbot start .'
> 
> 
>>"/usr/local/lib/python2.3/site-packages/twisted/scripts/twistd.py", line 
>>134, in shedPrivileges
>>     switchUID(uid, gid, euid)
>>   File "/usr/local/lib/python2.3/site-packages/twisted/python/util.py", 
>>line 605, in switchUID
>>     setgid(gid)
>>OSError: [Errno 1] Operation not permitted
> 
> 
> Curious.. I haven't seen this problem before. My hunch is that the .tap file
> was created by a different user (i.e. 'buildbot master' was run by one user,
> but 'buildbot start' is being run by a different one), and twistd is trying
> to switch back to that userid when it starts, and switching userids requires
> root privileges. This would be annoying, and the brief testing I just did
> suggests that it's probably something else, but it's worth a shot doing both
> the 'buildbot master' and the 'buildbot start' as the same user.
> 
> Usually, when the buildbot is to be run as a different user than I'm
> currently under, I use sudo:
> 
> % sudo -u buildbot buildbot start path/to/buildmaster
> 
> It's conceivable that basic 'su' might behave slightly differently (how do
> they handle euid vs uid, for example?).
> 
> And for long-term use, I usually set up a '@reboot' cronjob from the target
> user's account to start the buildbot at each reboot. The goal of the new
> debian packaging is to make a proper /etc/init.d/ script to start all system
> buildbots, but that hasn't received a whole lot of testing yet, so I wouldn't
> be surprised if there are some problems.
> 
> Let me know if running both commands as the same user helps or not.. if not,
> I'll try to reproduce the problem here. What version of Twisted are you
> using?
> 
> good luck,
>  -Brian
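The failure in the traceback above, as an added example that is not part of the original thread and is not Twisted's or Buildbot's code: an unprivileged process may keep its own uid/gid, but only root can switch to a different one, so a launcher should decide before calling setgid(). The function names `plan_switch` and `drop_privileges` are hypothetical.

```python
import os


def plan_switch(cur_euid, cur_uid, cur_gid, target_uid, target_gid):
    """Decide what a launcher can do about a requested uid/gid.

    "noop":   already running as the target identity, nothing to change.
    "switch": effective uid is root, so dropping to the target is allowed.
    "denied": unprivileged and the target differs; calling setgid() here is
              what raises "[Errno 1] Operation not permitted".
    """
    if (cur_uid, cur_gid) == (target_uid, target_gid) and cur_euid == target_uid:
        return "noop"
    if cur_euid == 0:
        return "switch"
    return "denied"


def drop_privileges(target_uid, target_gid):
    """Become target_uid/target_gid for good, or fail before changing anything."""
    plan = plan_switch(os.geteuid(), os.getuid(), os.getgid(),
                       target_uid, target_gid)
    if plan == "denied":
        raise PermissionError(
            "running as uid %d, cannot become uid %d gid %d without root"
            % (os.getuid(), target_uid, target_gid))
    if plan == "switch":
        # Order matters: groups and gid must change while we are still root.
        os.setgroups([])       # assumption: target needs no supplementary groups
        os.setgid(target_gid)
        os.setuid(target_uid)  # last step; root cannot be regained afterwards
        # Confirm both real and effective ids changed.
        if os.getuid() != target_uid or os.geteuid() != target_uid:
            raise RuntimeError("uid drop did not take effect")
        if os.getgid() != target_gid or os.getegid() != target_gid:
            raise RuntimeError("gid drop did not take effect")
    return plan


if __name__ == "__main__":
    # Constructed sample: asking for our own identity never needs root.
    print(drop_privileges(os.getuid(), os.getgid()))
```
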
