unicorn Ruby/Rack server user+dev discussion/patches/pulls/bugs/help
From: Emmanuel Gomez <emmanuel.gomez@gmail.com>
To: Eric Wong <normalperson@yhbt.net>
Cc: unicorn list <mongrel-unicorn@rubyforge.org>
Subject: Re: Struggling with logrotate and unicorn
Date: Tue, 12 Apr 2011 15:38:32 -0700
Message-ID: <C259E8F1-99FF-4B0A-97DA-DB5DA7FCDDD0@gmail.com>
In-Reply-To: <20110412185901.GA32009@dcvr.yhbt.net>

On Apr 12, 2011, at 11:59 AM, Eric Wong wrote:
> I'll make that more robust and release
> 3.6.0 sometime this week with (hopefully) a few other minor
> improvements.

Great. This is apparently an infrequent circumstance (uncommon configuration?), but there will be a next person who does this (or comparable silliness).

>> Thanks for your reply, I'm off to comment on the GitHub blog post to
>> try to warn others to use Unicorn::Worker#user instead of the example
>> code in after_fork.
> 
> Thanks, that seems to be a general problem with people relying on
> blog/mailing list posts instead of consistently updated documentation.

Indeed, but I read most of the unicorn docs, and examples/unicorn.conf.rb in 3.3.1 doesn't mention Unicorn::Worker#user, so I remained unaware until I read through worker.rb. 

Hey, I can help here. Here's a patch:


From de3178d98c81de3c8765cebd579ef3f7dd4b2d64 Mon Sep 17 00:00:00 2001
From: Emmanuel Gomez <emmanuel.gomez@gmail.com>
Date: Tue, 12 Apr 2011 15:36:36 -0700
Subject: [PATCH] Document Unicorn::Worker#user in example unicorn conf.

---
 examples/unicorn.conf.rb |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/examples/unicorn.conf.rb b/examples/unicorn.conf.rb
index 28a9e65..8b7ad47 100644
--- a/examples/unicorn.conf.rb
+++ b/examples/unicorn.conf.rb
@@ -84,4 +84,8 @@ after_fork do |server, worker|
   # and Redis.  TokyoCabinet file handles are safe to reuse
   # between any number of forked children (assuming your kernel
   # correctly implements pread()/pwrite() system calls)
+
+  # if running the master process as root and the workers as an unprivileged
+  # user, do this to switch euid/egid in the workers (also chowns logs):
+  # worker.user("unprivileged_user", "unprivileged_group")
 end
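
Review bot: the comment added at the end of the after_fork block says when to call worker.user, but not that it is meant to replace switching euid/egid by hand in this same hook, which is the confusion the thread describes. Consider saying so explicitly and promoting "(also chowns logs)" out of the parenthetical, since the log ownership change is the part a reader copying older after_fork code is most likely to miss. The commit message has only a subject line; one sentence on why the example needed this would help anyone reading the history later.
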
-- 
1.7.3.4
