From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS14383 205.234.109.0/24 X-Spam-Status: No, score=-0.6 required=5.0 tests=FREEMAIL_FROM, MSGID_FROM_MTA_HEADER,RP_MATCHES_RCVD,T_DKIM_INVALID shortcircuit=no autolearn=unavailable version=3.3.2 Path: news.gmane.org!not-for-mail From: Emmanuel Gomez Newsgroups: gmane.comp.lang.ruby.unicorn.general Subject: Re: Struggling with logrotate and unicorn Date: Tue, 12 Apr 2011 15:38:32 -0700 Message-ID: References: <8A1F87B7-F4A6-4186-AE22-604F875C7F29@gmail.com> <20110412175855.GA21250@dcvr.yhbt.net> <91269EF1-4FEC-4CD3-82EE-4DF48F2544EE@gmail.com> <20110412185901.GA32009@dcvr.yhbt.net> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 (Apple Message framework v1084) Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Trace: dough.gmane.org 1302650718 12949 80.91.229.12 (12 Apr 2011 23:25:18 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Tue, 12 Apr 2011 23:25:18 +0000 (UTC) Cc: unicorn list To: Eric Wong Original-X-From: mongrel-unicorn-bounces@rubyforge.org Wed Apr 13 01:25:14 2011 Return-path: Envelope-to: gclrug-mongrel-unicorn@m.gmane.org X-Original-To: mongrel-unicorn@rubyforge.org Delivered-To: mongrel-unicorn@rubyforge.org X-Greylist: delayed 14516 seconds by postgrey-1.31 at rubyforge.org; Tue, 12 Apr 2011 18:38:37 EDT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:subject:mime-version:content-type:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to:x-mailer; bh=mAZ6XxoLuYtkYmPPdLXD80Mxb0MJKLJx4nV82aDu0RE=; b=qHOwvCGUwsekvTiQLMBqRBx6A4hDuvxKQrgZU1Kj2H0E06QWalOd23nqnXjQeNkKXJ 7LpREXJbEjgKvrvSU+hLk3BkM+qdjG+9q3bIXVZcUyKmsOnFKZoKth/48XE1FegV2lz+ KS4S9yvmhjpzKt0RtINOtpFiyo6SfoHOez9Gk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; b=TpvKMLTT5RH8JqD/kTxevUAD3OGX1SyPzXfRKzSOZ2+aGc83Ercd+q10lCMg0S3New hVkv8p9rHQaZ2fLOycH/xvsa4DsP9oRNMoGHeNTRDwK8FDJP9gqki8zUtkQqPCKs9r2a B5++t3ILxNOEE5ygh9nQggXLuPzJEZ6v1z0aQ= In-Reply-To: <20110412185901.GA32009@dcvr.yhbt.net> X-Mailer: Apple Mail (2.1084) X-BeenThere: mongrel-unicorn@rubyforge.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: mongrel-unicorn-bounces@rubyforge.org Errors-To: mongrel-unicorn-bounces@rubyforge.org Xref: news.gmane.org gmane.comp.lang.ruby.unicorn.general:912 Archived-At: Received: from rubyforge.org ([205.234.109.19]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Q9mxO-0003kc-8Y for gclrug-mongrel-unicorn@m.gmane.org; Wed, 13 Apr 2011 01:25:14 +0200 Received: from rubyforge.org (rubyforge.org [127.0.0.1]) by rubyforge.org (Postfix) with ESMTP id B708E18583A8; Tue, 12 Apr 2011 19:25:13 -0400 (EDT) Received: from mail-pz0-f50.google.com (mail-pz0-f50.google.com [209.85.210.50]) by rubyforge.org (Postfix) with ESMTP id 3847818583A2 for ; Tue, 12 Apr 2011 18:38:37 -0400 (EDT) Received: by pzk2 with SMTP id 2so23154pzk.23 for ; Tue, 12 Apr 2011 15:38:36 -0700 (PDT) Received: by 10.142.249.34 with SMTP id w34mr6835934wfh.301.1302647916603; Tue, 12 Apr 2011 15:38:36 -0700 (PDT) Received: from [10.0.1.6] (c-24-18-181-208.hsd1.wa.comcast.net [24.18.181.208]) by mx.google.com with ESMTPS id y2sm10244733wfd.20.2011.04.12.15.38.33 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 12 Apr 2011 15:38:35 -0700 (PDT) On Apr 12, 2011, at 11:59 AM, Eric Wong wrote: > I'll make that more robust and release > 3.6.0 sometime this week with (hopefully) a few other minor > improvements. Great. This is apparently an infrequent circumstance (uncommon configuration?), but there will be a next person who does this (or comparable silliness). >> Thanks for your reply, I'm off to comment on the GitHub blog post to >> try to warn others to use Unicorn::Worker#user instead of the example >> code in after_fork. > > Thanks, that seems to be a general problem with people relying on > blog/mailing list posts instead of consistently updated documentation. Indeed, but I read most of the unicorn docs, and examples/unicorn.conf.rb in 3.3.1 doesn't mention Unicorn::Worker#user, so I remained unaware until I read through worker.rb. Hey, I can help here. Here's a patch: >>From de3178d98c81de3c8765cebd579ef3f7dd4b2d64 Mon Sep 17 00:00:00 2001 From: Emmanuel Gomez Date: Tue, 12 Apr 2011 15:36:36 -0700 Subject: [PATCH] Document Unicorn::Worker#user in example unicorn conf. --- examples/unicorn.conf.rb | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/examples/unicorn.conf.rb b/examples/unicorn.conf.rb index 28a9e65..8b7ad47 100644 --- a/examples/unicorn.conf.rb +++ b/examples/unicorn.conf.rb @@ -84,4 +84,8 @@ after_fork do |server, worker| # and Redis. TokyoCabinet file handles are safe to reuse # between any number of forked children (assuming your kernel # correctly implements pread()/pwrite() system calls) + + # if running the master process as root and the workers as an unprivileged + # user, do this to switch euid/egid in the workers (also chowns logs): + # worker.user("unprivileged_user", "unprivileged_group") end -- 1.7.3.4 _______________________________________________ Unicorn mailing list - mongrel-unicorn@rubyforge.org http://rubyforge.org/mailman/listinfo/mongrel-unicorn Do not quote signatures (like this one) or top post when replying