fix init script and pidfile ownership

   By running everything as root and telling uwsgi to run as a user,
   we can accomplish everything we need with pidfile ownership,
   service execution, and hex-zero operation

3 files changed, 10 insertions, 9 deletions

diff --git a/config/hex-zero.conf.example b/config/hex-zero.conf.example
index 2e7ffa0..71d93e3 100644
--- a/config/hex-zero.conf.example
+++ b/config/hex-zero.conf.example
@@ -55,6 +55,7 @@ WSGI_LOGGING = {
             'stream': 'ext://flask.logging.wsgi_errors_stream',
             'formatter': 'default'
         },
+        # file handler is only useful when running in debug mode. The shell script actually calls the uwsgi server with the right attributes to log to a file.
         'file': {
             'class': 'logging.handlers.RotatingFileHandler',
             'formatter': 'default',
@@ -65,6 +66,6 @@ WSGI_LOGGING = {
     },
     'root': {
         'level': 'INFO',
-        'handlers': ['file']
+        'handlers': ['file','wsgi']
     },
 }
diff --git a/config/hex-zero.init b/config/hex-zero.init
index 17bac95..18dbf60 100755
--- a/config/hex-zero.init
+++ b/config/hex-zero.init
@@ -19,7 +19,7 @@ DESC="hex-zero"
 NAME=hex-zero
 DAEMON=/var/www/0x0/hex-zero.wsgi
 DAEMON_ARGS=""
-PIDFILE=/tmp/$NAME.pid
+PIDFILE=/var/run/$NAME.pid
 SCRIPTNAME=/etc/init.d/$NAME
 USER=hex-zero
 
@@ -54,10 +54,10 @@ do_start()
    #su $USER -c "$DAEMON" &
 	# The above code will not work for interpreted scripts, use the next
 	# six lines below instead (Ref: #643337, start-stop-daemon(8) )
-	start-stop-daemon --start --chuid $USER --pidfile $PIDFILE --startas $DAEMON \
+	start-stop-daemon --start --pidfile $PIDFILE --startas $DAEMON \
 		--name uwsgi_python3 --test > /dev/null \
 		|| return 1
-	start-stop-daemon --start --chuid $USER --background --pidfile $PIDFILE --startas $DAEMON \
+	start-stop-daemon --start --background --pidfile $PIDFILE --startas $DAEMON \
 		--name uwsgi_python3 -- $DAEMON_ARGS \
 		|| return 2
 
diff --git a/hex-zero.wsgi b/hex-zero.wsgi
index 7f10e20..d3979ee 100755
--- a/hex-zero.wsgi
+++ b/hex-zero.wsgi
@@ -4,16 +4,16 @@ test -z "${UWSGI_USER}" && export UWSGI_USER=hex-zero
 test -z "${UWSGI_BIN}" && export UWSGI_BIN=/usr/bin/uwsgi_python3
 test -z "${LISTEN_HOST}" && export LISTEN_HOST=localhost
 test -z "${LISTEN_PORT}" && export LISTEN_PORT=3031
-test -z "${PIDFILE}" && export PIDFILE=/tmp/hex-zero.pid
+test -z "${PIDFILE}" && export PIDFILE=/var/run/hex-zero.pid
 test -z "${LOGFILE}" && export LOGFILE=/var/log/hex-zero/hex-zero.log
-test -z "${UWSGI_OPTS}" && export UWSGI_OPTS="--http-socket ${LISTEN_HOST}:${LISTEN_PORT} --wsgi-file /var/www/0x0/hex-zero.py --callable app --log-x-forwarded-for --logto ${LOGFILE} --touch-reload /var/www/0x0/hex-zero.py --touch-reload /var/www/0x0/hex-zero.conf --pidfile ${PIDFILE}"
+test -z "${UWSGI_OPTS}" && export UWSGI_OPTS="--http-socket ${LISTEN_HOST}:${LISTEN_PORT} --wsgi-file /var/www/0x0/hex-zero.py --callable app --log-x-forwarded-for --logto ${LOGFILE} --touch-reload /var/www/0x0/hex-zero.py --touch-reload /var/www/0x0/hex-zero.conf --pidfile ${PIDFILE} --uid ${UWSGI_USER}"
 
 #test -n "${FORCE_KILL_OLD_UWSGI}" && {
 #   ps -o user=,pid=,command:80= -u "${UWSGI_USER}" | awk '/hex-zero\.py/{print $2}' | xargs --no-run-if-empty kill 
 #}
 
-#test "${UWSGI_USER}" != "${USER}" && {
-#   printf "Please run $0 as user UWSGI_USER (${UWSGI_USER}) and not $USER. Aborted.\n" 1>&2 ; exit 1 ;
-#}
+test "${USER}" != "root" && test -n "${USER}" && {
+   printf "Please run $0 as user root. It will downgrade permissions when running uwsgi. Aborted.\n" 1>&2 ; exit 1 ;
+}
 
 ${UWSGI_BIN} ${UWSGI_OPTS}