Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is root realy needed to use celery? #527

Open
tabacha opened this issue Nov 23, 2023 · 0 comments
Open

Is root realy needed to use celery? #527

tabacha opened this issue Nov 23, 2023 · 0 comments
Labels
enhancement

Comments

@tabacha
Copy link

tabacha commented Nov 23, 2023

In the Install.md there is documented, to run celery as root user:

C_FORCE_ROOT=1 celery -b redis://127.0.0.1:6379/0 -A patchman worker -l INFO -E

From a security perspertive it is not a good idea to run such a process as root.

We have created a user and a group and used the follwoing systemd file.

[Unit]
Description=Celery Service
After=network.target

[Service]
Type=simple
User=patchman_celery
Group=patchman_celery

#EnvironmentFile=/etc/default/celeryd
#WorkingDirectory=/home/user/django-project
ExecStart=celery -b redis://127.0.0.1:6379/0 -A patchman worker -l INFO -E

[Install]
WantedBy=multi-user.target

We do not see any issue until now. Permissions:

ls -la  /etc/patchman/local_settings.py
-rw-r----- 1 root www-data 2027 Nov 22 12:14 /etc/patchman/local_settings.py
id patchman_celery
uid=998(patchman_celery) gid=999(patchman_celery) groups=999(patchman_celery),33(www-data)

Here is an other example, how to start celery by systemd:
https://ahmadalsajid.medium.com/daemonizing-celery-beat-with-systemd-97f1203e7b32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@furlongm @tabacha