Using supervisorctl with linux permissions but without root or sudo

I love supervisord, it’s been a fantastic way to manage things like gunicorn and celery processes. But I didn’t like that I needed to use sudo to restart a running server, e.g.:

sudo supervisorctl restart todaysmeet-web

A quick look through the docs didn’t reveal how to fix this (it’s there but not in a task-oriented, easy-to-find way) and a quick search of the web turned up something close to what I wanted, but not exactly. (If you don’t care about using normal permissions, that method of using the TCP socket instead of the unix socket works great.)

Here’s how to do it.

In the /etc/supervisord.conf file, probably near the top, you’ll see a section called [unix_http_server]. Adjust the following settings:

[unix_http_server]
file=/var/tmp/supervisord.sock
chmod=0770
chown=nobody:web

In my case, on all my web servers, the users who have permissions to do things are in the web group, so I chmod=0770 to give the group read/write access to the socket and then chown=nobody:web to set the group. You could also set it to a specific user besides root or nobody, e.g. chown=james:james and leave the mode at 0700 to lock it down for one user.

Then you just need to make sure supervisorctl is communicating over the unix socket and not the TCP socket. In the [supervisorctl] section, just make sure serverurl is set correctly:

[supervisorctl]
serverurl=/var/tmp/supervisord.sock

Hope that helps someone else!