Struggling with logrotate and unicorn

Emmanuel Gomez emmanuel.gomez at
Tue Apr 12 18:38:32 EDT 2011

On Apr 12, 2011, at 11:59 AM, Eric Wong wrote:
> I'll make that more robust and release
> 3.6.0 sometime this week with (hopefully) a few other minor
> improvements.

Great. This is apparently an infrequent circumstance (uncommon configuration?), but there will be a next person who does this (or comparable silliness).

>> Thanks for your reply, I'm off to comment on the GitHub blog post to
>> try to warn others to use Unicorn::Worker#user instead of the example
>> code in after_fork.
> Thanks, that seems to be a general problem with people relying on
> blog/mailing list posts instead of consistently updated documentation.

Indeed, but I read most of the unicorn docs, and examples/unicorn.conf.rb in 3.3.1 doesn't mention Unicorn::Worker#user, so I remained unaware until I read through worker.rb. 

Hey, I can help here. Here's a patch:

From de3178d98c81de3c8765cebd579ef3f7dd4b2d64 Mon Sep 17 00:00:00 2001
From: Emmanuel Gomez <emmanuel.gomez at>
Date: Tue, 12 Apr 2011 15:36:36 -0700
Subject: [PATCH] Document Unicorn::Worker#user in example unicorn conf.

 examples/unicorn.conf.rb |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/examples/unicorn.conf.rb b/examples/unicorn.conf.rb
index 28a9e65..8b7ad47 100644
--- a/examples/unicorn.conf.rb
+++ b/examples/unicorn.conf.rb
@@ -84,4 +84,8 @@ after_fork do |server, worker|
   # and Redis.  TokyoCabinet file handles are safe to reuse
   # between any number of forked children (assuming your kernel
   # correctly implements pread()/pwrite() system calls)
+  # if running the master process as root and the workers as an unprivileged
+  # user, do this to switch euid/egid in the workers (also chowns logs):
+  # worker.user("unprivileged_user", "unprivileged_group")

More information about the mongrel-unicorn mailing list