diff options
| author | Eric Wong <e@80x24.org> | 2013-10-29 00:02:56 +0000 |
|---|---|---|
| committer | Eric Wong <e@80x24.org> | 2013-10-29 02:37:05 +0000 |
| commit | fd5844b2baef6c1acaca9ca1eca0509e3a4f840d (patch) | |
| tree | 2e9d746f699da0458903b4b54227a3574f774cb1 /lib/yahns/server.rb | |
| parent | 556f8ae6f629df51ff41c1918de40e2bb531159e (diff) | |
| download | yahns-fd5844b2baef6c1acaca9ca1eca0509e3a4f840d.tar.gz | |
This was documented (incorrectly) and not implemented for either the master/worker or single process cases. Implement and test all (with mocks, so not fully-tested).
Diffstat (limited to 'lib/yahns/server.rb')
| -rw-r--r-- | lib/yahns/server.rb | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/lib/yahns/server.rb b/lib/yahns/server.rb index fea310c..a2af745 100644 --- a/lib/yahns/server.rb +++ b/lib/yahns/server.rb @@ -10,6 +10,7 @@ class Yahns::Server # :nodoc: :CHLD ] attr_accessor :daemon_pipe attr_accessor :logger + attr_writer :user attr_writer :worker_processes attr_writer :worker_atfork_prepare attr_writer :worker_atfork_parent @@ -60,10 +61,26 @@ class Yahns::Server # :nodoc: if @worker_processes require 'yahns/server_mp' extend Yahns::ServerMP + else + switch_user(*@user) if @user end self end + def switch_user(user, group = nil) + # we do not protect the caller, checking Process.euid == 0 is + # insufficient because modern systems have fine-grained + # capabilities. Let the caller handle any and all errors. + uid = Etc.getpwnam(user).uid + gid = Etc.getgrnam(group).gid if group + Yahns::Log.chown_all(uid, gid) + if gid && Process.egid != gid + Process.initgroups(user, gid) + Process::GID.change_privilege(gid) + end + Process.euid != uid and Process::UID.change_privilege(uid) + end + def drop_acceptors @listeners.delete_if(&:ac_quit) end |