Listening UNIX socket is not deleted when stopping Unicorn?

Iñaki Baz Castillo ibc at
Mon Dec 28 06:51:57 EST 2009

El Lunes, 28 de Diciembre de 2009, Iñaki Baz Castillo escribió:
> El Lunes, 28 de Diciembre de 2009, Eric Wong escribió:
> > Since there's absolutely no point in running Unicorn on port 80/443, you
> > should just avoid user switching entirely since it'll significantly
> > simplify your setup(s).
> The problem are init scripts as they are executed by init process (as
>  root). There are some ways to run a commandwith other user (as "su") but
>  AFAIK most of the servers implement full user switching (not just worker
>  processes) by themself.

I've found this workaround by adding the following (extracted from 
Worker#user) at the top of unicorn.conf.rb:

if Process.euid == 0 && (user = MyApp::Config[:user])
  group = MyApp::Config[:group]
  uid = Etc.getpwnam(user).uid
  gid = Etc.getgrnam(group).gid if group
  if gid && Process.egid != gid
    Process.initgroups(user, gid)
  Process.euid != uid and Process::UID.change_privilege(uid)

Of course using it a worker cannot listen in port <= 1024, but as you said, 
what's the problem with that? :)


Iñaki Baz Castillo <ibc at>

More information about the mongrel-unicorn mailing list