Skip to content
Snippets Groups Projects
Commit 4d475816 authored by Tim Kreuzer's avatar Tim Kreuzer
Browse files

Merge branch 'permission_fix' into 'main'

Permission fix

See merge request !11
parents c157ac2f 8f8ef3d3
No related branches found
No related tags found
1 merge request!11Permission fix
Pipeline #106835 passed
......@@ -40,20 +40,8 @@ class TunnelConfig(AppConfig):
"Could not delete k8s service", extra=kwargs, exc_info=True
)
continue
try:
log.debug("Create k8s svc")
k8s_svc("create", alert_admins=True, **kwargs)
except:
log.warning(
"Could not create k8s service. Stop/Delete tunnel",
extra=kwargs,
exc_info=True,
)
try:
stop_and_delete(raise_exception=False, **kwargs)
tunnel.delete()
except:
log.exception("Could not stop/delete ssh tunnel", extra=kwargs)
k8s_svc("create", alert_admins=True, raise_exception=False, **kwargs)
def create_user(self, username, passwd, groups=[], superuser=False, mail=""):
from django.contrib.auth.models import Group
......
......@@ -116,7 +116,18 @@ def run_popen_cmd(
extra=log_extra,
)
with subprocess.Popen(cmd, stderr=subprocess.PIPE, stdout=subprocess.PIPE) as p:
# gunicorn preload app feature does not use gunicorn user/group but
# the current uid instead. Which is root. We don't want to run commands as root.
def set_uid():
def result():
os.setuid(1000)
os.setgid(100)
return result
with subprocess.Popen(
cmd, stderr=subprocess.PIPE, stdout=subprocess.PIPE, preexec_fn=set_uid()
) as p:
stdout, stderr = p.communicate()
returncode = p.returncode
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment