File creation mode in Rails + Unicorn
normalperson at yhbt.net
Fri Jun 8 09:20:26 UTC 2012
Jérémy Lecour <jeremy at autrementlemail.fr> wrote:
> When I first hit such a page, the static cache file is not present, so
> the Rails app is reached and the file is created.
> The next hit is a 403 error.
> The file is created with the right user/group but in 0600 mode instead
> of 0660 or 0640, that's why I have this error.
> If I start my app with Webrick instead of Unicorn, the file is created
> the mode is alright.
> To start Unicorn, my init script (executed by root) does something
> like this (let's say that the user/group is deploy/deploy) :
> sudo -u deploy unicorn -E production -c RAILS_ROOT/config/unicorn.rb -D
Did you also use sudo to start webrick?
> Then in the unicorn.rb config script I have set this :
> user 'deploy', 'deploy'
You only need one or or the other (sudo or the "user" directive), not
both, but I don't think that's the issue...
Calling File.umask in your unicorn config file should work around the
issue for you:
File.umask(027) # to get 0640 perms
File.umask(007) # to get 0660 perms
You can use: printf("0%o", File.umask) to show the current umask, too.
I'm not sure why the "deploy" user defaults to such a restrictive umask
on your system, though. There are _many_ things that could change/set
umask before unicorn gets started, including sudo. Your system
administrator might know :)
> I've tried to use unicorn in socket or TCP mode, but I get the same result.
That shouldn't make a difference. Unicorn only flips the umask
momentarily when creating a unix socket and flips it back to
the original value.
> Thanks for any help and for making Unicorn such an awesome tool.
More information about the mongrel-unicorn