unicorn Ruby/Rack server user+dev discussion/patches/pulls/bugs/help
* [ANN] unicorn 5.5.0.pre1 - Rack HTTP server for fast clients and Unix
@ 2018-12-20 22:28  5% Eric Wong
  0 siblings, 0 replies; 3+ results
From: Eric Wong @ 2018-12-20 22:28 UTC (permalink / raw)
  To: ruby-talk, unicorn-public; +Cc: Jeremy Evans

unicorn is an HTTP server for Rack applications designed to only serve
fast clients on low-latency, high-bandwidth connections and take
advantage of features in Unix/Unix-like kernels.  Slow clients should
only be served by placing a reverse proxy capable of fully buffering
both the request and response in between unicorn and slow clients.

Disclaimer:

Due to its ability to tolerate crashes and isolate clients, unicorn
is unfortunately known to prolong the existence of bugs in applications
and libraries which run on top of it.

* https://bogomips.org/unicorn/
* public list: unicorn-public@bogomips.org
* mail archives: https://bogomips.org/unicorn-public/
* git clone https://bogomips.org/unicorn.git
* https://bogomips.org/unicorn/NEWS.atom.xml
* nntp://news.public-inbox.org/inbox.comp.lang.ruby.unicorn

This is a pre-release RubyGem intended for testing.

Changes:

unicorn 5.5.0.pre1

Jeremy Evans contributed the "default_middleware" configuration option:

  https://bogomips.org/unicorn-public/20180913192055.GD48926@jeremyevans.local/

Jeremy also contributed the ability to use separate groups for the process
and log files:

  https://bogomips.org/unicorn-public/20180913192449.GE48926@jeremyevans.local/

There's also a couple of uninteresting minor optimizations and
documentation additions.

Eric Wong (10):
      remove random seed reset atfork
      use IO#wait instead of kgio_wait_readable
      Merge branch '5.4-stable'
      shrink pipes under Linux
      socket_helper: add hint for FreeBSD users for accf_http(9)
      tests: ensure -N/--no-default-middleware not supported in config.ru
      doc: update more URLs to use HTTPS and avoid redirects
      deduplicate strings VM-wide in Ruby 2.5+
      doc/ISSUES: add links to git clone-able mail archives of our dependencies
      README: minor updates and additional disclaimer

Jeremy Evans (2):
      Make Worker#user support different process primary group and log file group
      Support default_middleware configuration option
-- 


* Re: Make Worker#user support different process primary group and log file group
  2018-09-13 19:24 14% Make Worker#user support different process primary group and log file group Jeremy Evans
@ 2018-09-13 22:53 10% ` Eric Wong
  0 siblings, 0 replies; 3+ results
From: Eric Wong @ 2018-09-13 22:53 UTC (permalink / raw)
  To: Jeremy Evans; +Cc: unicorn-public

Jeremy Evans <code@jeremyevans.net> wrote:
> This patch allows Worker#user to accept the group argument as an array
> of two strings, the first string being the process primary group, and
> the second string being the group that owns the log files.  This can
> help when you have a large number of applications that use unique
> primary groups, and want to have a user with the ability to read the log
> files for any of the applications, especially if you are on an operating
> system that only supports a small number of groups per user.

Fwiw, I don't understand why there's a blurb here for an
isolated patch when your commit message below is sufficient :)

Along the same lines, "--cover-letter" in git-format-patch(1)
isn't necessary for single patches, either, but they help with a
multi-patch series.

> Subject: [PATCH] Make Worker#user support different process primary group and
>  log file group
> 
> Previously, Unicorn always used the process's primary group as the
> group of the log file.  However, there are reasons to use a
> separate group for the log files, such as when you have many
> applications where each application uses its own user and primary
> group, but you want to be able to have a user read the log files
> for all applications.  Some operating systems have a fairly small
> limit on the number of groups per user, and it may not be feasible
> to have a user be in the primary group for all applications.
> a primary group

Anyways, this feature seems acceptable.  Pushed to master as
47fddb53aa0b7763f353ba515cf3fb5b2059f4f7

Thanks


* Make Worker#user support different process primary group and log file group
@ 2018-09-13 19:24 14% Jeremy Evans
  2018-09-13 22:53 10% ` Eric Wong
  0 siblings, 1 reply; 3+ results
From: Jeremy Evans @ 2018-09-13 19:24 UTC (permalink / raw)
  To: unicorn-public

This patch allows Worker#user to accept the group argument as an array
of two strings, the first string being the process primary group, and
the second string being the group that owns the log files.  This can
help when you have a large number of applications that use unique
primary groups, and want to have a user with the ability to read the log
files for any of the applications, especially if you are on an operating
system that only supports a small number of groups per user.

Thanks,
Jeremy

From 780bd79d2f1fd40e7daae969ff482c3fd9d58ad7 Mon Sep 17 00:00:00 2001
From: Jeremy Evans <code@jeremyevans.net>
Date: Thu, 13 Sep 2018 11:16:38 -0700
Subject: [PATCH] Make Worker#user support different process primary group and
 log file group

Previously, Unicorn always used the process's primary group as the
group of the log file.  However, there are reasons to use a
separate group for the log files, such as when you have many
applications where each application uses its own user and primary
group, but you want to be able to have a user read the log files
for all applications.  Some operating systems have a fairly small
limit on the number of groups per user, and it may not be feasible
to have a user be in the primary group for all applications.
a primary group
---
 lib/unicorn/worker.rb | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/lib/unicorn/worker.rb b/lib/unicorn/worker.rb
index 68de17e..5ddf379 100644
--- a/lib/unicorn/worker.rb
+++ b/lib/unicorn/worker.rb
@@ -122,6 +122,11 @@ def close # :nodoc:
   # the +after_fork+ hook after any privileged functions need to be
   # run (e.g. to set per-worker CPU affinity, niceness, etc)
   #
+  # +group+ can be specified as a string, or as an array of two
+  # strings.  If an array of two strings is given, the first string
+  # is used as the primary group of the process, and the second is
+  # used as the group of the log files.
+  #
   # Any and all errors raised within this method will be propagated
   # directly back to the caller (usually the +after_fork+ hook.
   # These errors commonly include ArgumentError for specifying an
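Review bot: The added comment on +group+ says "an array of two strings" but does not say what happens for an array of any other length, and the code in the next hunk does not enforce it. Consider stating that exactly two group names are required, and adding a short example call showing the array form, so that a reader configuring the +after_fork+ hook does not have to infer the order (process group first, log group second) from prose alone.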
@@ -134,8 +139,17 @@ def user(user, group = nil, chroot = false)
     # insufficient because modern systems have fine-grained
     # capabilities.  Let the caller handle any and all errors.
     uid = Etc.getpwnam(user).uid
-    gid = Etc.getgrnam(group).gid if group
-    Unicorn::Util.chown_logs(uid, gid)
+
+    if group
+      if group.is_a?(Array)
+        group, log_group = group
+        log_gid = Etc.getgrnam(log_group).gid
+      end
+      gid = Etc.getgrnam(group).gid
+      log_gid ||= gid
+    end
+
+    Unicorn::Util.chown_logs(uid, log_gid)
     if gid && Process.egid != gid
       Process.initgroups(user, gid)
       Process::GID.change_privilege(gid)
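Review bot: The array branch destructures with `group, log_group = group` without checking the array's length, so a one-element array leaves log_group nil and the failure surfaces inside `Etc.getgrnam(log_group)` instead of as a clear ArgumentError, while a third or later element is silently ignored. Since this runs before privileges are dropped and decides which group ends up owning the log files, it would be safer to validate the shape up front (for example, raise ArgumentError unless the array has exactly two elements) before resolving either name. The patch also comes without a test for the new array form; one that checks the gid passed to `Unicorn::Util.chown_logs` differs from the process gid would pin the behaviour down.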
-- 
2.17.1


