unicorn Ruby/Rack server user+dev discussion/patches/pulls/bugs/help
 help / color / mirror / code / Atom feed
From: Emmanuel Gomez <emmanuel.gomez@gmail.com>
To: Eric Wong <normalperson@yhbt.net>
Cc: unicorn list <mongrel-unicorn@rubyforge.org>
Subject: Re: Struggling with logrotate and unicorn
Date: Tue, 12 Apr 2011 15:38:32 -0700	[thread overview]
Message-ID: <C259E8F1-99FF-4B0A-97DA-DB5DA7FCDDD0@gmail.com> (raw)
In-Reply-To: <20110412185901.GA32009@dcvr.yhbt.net>

On Apr 12, 2011, at 11:59 AM, Eric Wong wrote:
> I'll make that more robust and release
> 3.6.0 sometime this week with (hopefully) a few other minor
> improvements.

Great. This is apparently an infrequent circumstance (uncommon configuration?), but there will be a next person who does this (or comparable silliness).

>> Thanks for your reply, I'm off to comment on the GitHub blog post to
>> try to warn others to use Unicorn::Worker#user instead of the example
>> code in after_fork.
> Thanks, that seems to be a general problem with people relying on
> blog/mailing list posts instead of consistently updated documentation.

Indeed, but I read most of the unicorn docs, and examples/unicorn.conf.rb in 3.3.1 doesn't mention Unicorn::Worker#user, so I remained unaware until I read through worker.rb. 

Hey, I can help here. Here's a patch:

>From de3178d98c81de3c8765cebd579ef3f7dd4b2d64 Mon Sep 17 00:00:00 2001
From: Emmanuel Gomez <emmanuel.gomez@gmail.com>
Date: Tue, 12 Apr 2011 15:36:36 -0700
Subject: [PATCH] Document Unicorn::Worker#user in example unicorn conf.

 examples/unicorn.conf.rb |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/examples/unicorn.conf.rb b/examples/unicorn.conf.rb
index 28a9e65..8b7ad47 100644
--- a/examples/unicorn.conf.rb
+++ b/examples/unicorn.conf.rb
@@ -84,4 +84,8 @@ after_fork do |server, worker|
   # and Redis.  TokyoCabinet file handles are safe to reuse
   # between any number of forked children (assuming your kernel
   # correctly implements pread()/pwrite() system calls)
+  # if running the master process as root and the workers as an unprivileged
+  # user, do this to switch euid/egid in the workers (also chowns logs):
+  # worker.user("unprivileged_user", "unprivileged_group")

Unicorn mailing list - mongrel-unicorn@rubyforge.org
Do not quote signatures (like this one) or top post when replying

  reply	other threads:[~2011-04-12 23:25 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-04-12 16:13 Struggling with logrotate and unicorn Emmanuel Gomez
2011-04-12 17:58 ` Eric Wong
2011-04-12 18:36   ` Emmanuel Gomez
2011-04-12 18:59     ` Eric Wong
2011-04-12 22:38       ` Emmanuel Gomez [this message]
2011-04-12 22:51         ` Eric Wong
2011-04-12 23:01           ` Emmanuel Gomez

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

  List information: https://yhbt.net/unicorn/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=C259E8F1-99FF-4B0A-97DA-DB5DA7FCDDD0@gmail.com \
    --to=emmanuel.gomez@gmail.com \
    --cc=mongrel-unicorn@rubyforge.org \
    --cc=normalperson@yhbt.net \


* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox


This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).