El Lunes, 28 de Diciembre de 2009, Iñaki Baz Castillo escribió:
> El Lunes, 28 de Diciembre de 2009, Eric Wong escribió:
> > Since there's absolutely no point in running Unicorn on port 80/443, you
> > should just avoid user switching entirely since it'll significantly
> > simplify your setup(s).
>
> The problem are init scripts as they are executed by init process (as
> root). There are some ways to run a commandwith other user (as "su") but
> AFAIK most of the servers implement full user switching (not just worker
> processes) by themself.
I've found this workaround by adding the following (extracted from
Worker#user) at the top of unicorn.conf.rb:
if Process.euid == 0 && (user = MyApp::Config[:user])
group = MyApp::Config[:group]
uid = Etc.getpwnam(user).uid
gid = Etc.getgrnam(group).gid if group
if gid && Process.egid != gid
Process.initgroups(user, gid)
Process::GID.change_privilege(gid)
end
Process.euid != uid and Process::UID.change_privilege(uid)
end
Of course using it a worker cannot listen in port <= 1024, but as you said,
what's the problem with that? :)
Regards.
--
Iñaki Baz Castillo <[email protected]>
_______________________________________________
Unicorn mailing list - [email protected]
http://rubyforge.org/mailman/listinfo/mongrel-unicorn
Do not quote signatures (like this one) or top post when replying
