where to chmod socket file?

Suraj Kurapati sunaku at gmail.com
Thu Nov 12 18:36:37 EST 2009


Hello,

I set the socket for my app to reside in /tmp/ because my app's
Capistrano deploy directory is NFS-mounted:

  listen '/tmp/my_app.sock'

That socket file is being created with mode 0777 + sticky bit.  I
don't want others to accidentally delete or write to this socket file,
so I added the following line to my before_fork() block:

  before_fork do |server, worker|
    File.chmod 0600, '/tmp/my_app.sock'
    # ...
  end

Is there a better place to put this chmod?  Or maybe tell unicorn to
create the socket with mode 0600?

Thanks for your consideration.


More information about the mongrel-unicorn mailing list