Gunnar Wolf
2009-Mar-11 17:08 UTC
[Mongrel] Allowing for mongrel-cluster to start with different users specified in YAML
Hi, This issue came to my attention after a bug report against the Debian packaging of mongrel-cluster [1]: The mongrel-cluster startup script, mongrel_cluster_ctl, assumes either it is being run with root privileges (and each of the configured Mongrel services should specify in its configuration file which user it should run as) or it is run under a regular system user (and no configuration files should specify a user to run as). The configuration setup for the Debian package pushed towards the second situation, switching to the regular system-wide web applications user (www-data). However, this situation is suboptimal for many installations - Say, I host several developers'' services at my machine and I want each of my Mongrels to run under the given developer UID/GID. So, what I do is to specify in each of the config files the ''user'' and ''group'' keys. Now, if mongrel_cluster_ctl is called as root, this will succeed - But if a user didn''t specify user/group, his process will run as root. Bad situation. Please consider the attached patch (which is the same I sent to the Debian bugtracker, minus the Debian-initscript-specific hunks). It allows for --user and --group options to be given to mongrel_cluster_ctl, specifying the default user and group to run individual Mongrels at, and which are overriden by configuration-supplied entries. The attached patch was made against the current SVN tree, at the root. Greetings, [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500424 -- Gunnar Wolf - gwolf at gwolf.org - (+52-55)5623-0154 / 1451-2244 PGP key 1024D/8BB527AF 2001-10-23 Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF -------------- next part -------------- A non-text attachment was scrubbed... Name: mongrel.patch Type: text/x-diff Size: 4515 bytes Desc: not available URL: <http://rubyforge.org/pipermail/mongrel-users/attachments/20090311/fd56705f/attachment-0002.bin> -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <http://rubyforge.org/pipermail/mongrel-users/attachments/20090311/fd56705f/attachment-0003.bin>