Limit which processes a user can restart with supervisor?
Solution 1:
You could use sudo
in place of your custom script to accomplish the same thing. That is, given the default supervisord
configuration, in which only root can run supervisorctl
, you could put an entry like this into /etc/sudoers
:
alice ALL = (root) NOPASSWD:/usr/bin/supervisorctl restart app1
bob ALL = (root) NOPASSWD:/usr/bin/supervisorctl restart app2
This would allow alice
to run sudo /usr/bin/supervisorctl restart app1
as root without having to provide a password, and it would allow bob
to restart app2
.