From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS14383 205.234.109.0/24 X-Spam-Status: No, score=-0.7 required=5.0 tests=MSGID_FROM_MTA_HEADER, RP_MATCHES_RCVD shortcircuit=no autolearn=unavailable version=3.3.2 Path: news.gmane.org!not-for-mail From: =?iso-8859-1?q?I=F1aki_Baz_Castillo?= Newsgroups: gmane.comp.lang.ruby.unicorn.general Subject: Re: "unicorn -D" always returns 0 "success" (even when failed to load) Date: Mon, 28 Dec 2009 11:39:08 +0100 Message-ID: <200912281139.09065.ibc@aliax.net> References: <200912260529.45530.ibc@aliax.net> <200912270406.39535.ibc@aliax.net> <20091228032902.GC4349@dcvr.yhbt.net> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Trace: ger.gmane.org 1261996763 29629 80.91.229.12 (28 Dec 2009 10:39:23 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 28 Dec 2009 10:39:23 +0000 (UTC) To: mongrel-unicorn@rubyforge.org Original-X-From: mongrel-unicorn-bounces@rubyforge.org Mon Dec 28 11:39:16 2009 Return-path: Envelope-to: gclrug-mongrel-unicorn@m.gmane.org X-Original-To: mongrel-unicorn@rubyforge.org Delivered-To: mongrel-unicorn@rubyforge.org User-Agent: KMail/1.12.2 (Linux/2.6.28-16-generic; KDE/4.3.2; x86_64; ; ) In-Reply-To: <20091228032902.GC4349@dcvr.yhbt.net> X-BeenThere: mongrel-unicorn@rubyforge.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: mongrel-unicorn-bounces@rubyforge.org Errors-To: mongrel-unicorn-bounces@rubyforge.org Xref: news.gmane.org gmane.comp.lang.ruby.unicorn.general:264 Archived-At: Received: from rubyforge.org ([205.234.109.19]) by lo.gmane.org with esmtp (Exim 4.50) id 1NPD0O-0002pQ-30 for gclrug-mongrel-unicorn@m.gmane.org; Mon, 28 Dec 2009 11:39:16 +0100 Received: from rubyforge.org (rubyforge.org [127.0.0.1]) by rubyforge.org (Postfix) with ESMTP id 4583118582C9; Mon, 28 Dec 2009 05:39:16 -0500 (EST) Received: from mail-ew0-f222.google.com (mail-ew0-f222.google.com [209.85.219.222]) by rubyforge.org (Postfix) with ESMTP id 2753A18582C3 for ; Mon, 28 Dec 2009 05:39:14 -0500 (EST) Received: by ewy22 with SMTP id 22so12331507ewy.19 for ; Mon, 28 Dec 2009 02:39:13 -0800 (PST) Received: by 10.213.2.81 with SMTP id 17mr4130080ebi.83.1261996752964; Mon, 28 Dec 2009 02:39:12 -0800 (PST) Received: from ibc-laptop.localnet (3.Red-83-57-15.dynamicIP.rima-tde.net [83.57.15.3]) by mx.google.com with ESMTPS id 15sm8061500ewy.4.2009.12.28.02.39.11 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 28 Dec 2009 02:39:11 -0800 (PST) El Lunes, 28 de Diciembre de 2009, Eric Wong escribi=F3: > > The master process would start properly and would notify "success" to > > grandparent. (so the init script returns 0). But the fact is that all t= he > > workers fail to start and are respawned again and again. > = > For that particular case there'll be a Unicorn::Configurator#user > directive. > = > But really, there's absolutely no good reason to use user switching in a > backend application server like Unicorn. > = > I only added that feature to support derivative servers like Rainbows!, > and even then it's debatable since using things like iptables or load > balancers can be used to redirect port 80 to arbitrary ports anyways. Well, chaning the running user it's common in most of servers. I've already = found lots of cases of attacks to Apache servers running some "cool" PHP = application (so we get exploits in /tmp or/var/tmp as they are the only = writable paths for "www-data" user running apache). However it's true that Unicorn approach (worker.user) is different as the = master process remains as root (but since the master process doesn't listen= it = shouldn't matter). So, do you mean that there will be a new configuration option called "user" = (and "group") so also themaster process would run as such user? Thanks. -- = I=F1aki Baz Castillo _______________________________________________ Unicorn mailing list - mongrel-unicorn@rubyforge.org http://rubyforge.org/mailman/listinfo/mongrel-unicorn Do not quote signatures (like this one) or top post when replying