[uWSGI] before_privileges_drop in python

Roberto De Ioris roberto at unbit.it
Mon Oct 14 20:03:31 CEST 2013

> I am looking at the recent check-ins related to hooks. These look really
> promising.
> My previous pull request contained a python hook for as_root which allowed
> us to hook before dropping privs.
> We are effectively looking to have something like the following in our
> production.wsgi config
> from uwsgidecorators import before_privilege_drop
> @before_privilege_drop
> def root_required_initialization():
>     ... do stuff ...
> Is the preferred method to do this as a C module and hook in via the
> as_root hooks or to extend the python plugin to provide this new hook akin
> to post_fork
> _______________________________________________
> uWSGI mailing list
> uWSGI at lists.unbit.it
> http://lists.unbit.it/cgi-bin/mailman/listinfo/uwsgi

Hi, the problem is that in the before_privilege_drop phase there is no
python vm available (it is created 2 phases later)

The only "clean" solution coming to my mind is using --master-as-root, so
application loading happens as root while workers run as unprivileged

A less "clean" solution could be calling


as a hook, but i do not know if re-calling Py_Initialize() after
Py_Finalize() is totally safe

Roberto De Ioris

More information about the uWSGI mailing list