File creation mode in Rails + Unicorn

Eric Wong normalperson at
Fri Jun 8 09:20:26 UTC 2012

Jérémy Lecour <jeremy at> wrote:
> When I first hit such a page, the static cache file is not present, so
> the Rails app is reached and the file is created.
> The next hit is a 403 error.
> The file is created with the right user/group but in 0600 mode instead
> of 0660 or 0640, that's why I have this error.
> If I start my app with Webrick instead of Unicorn, the file is created
> the mode is alright.

> To start Unicorn, my init script (executed by root) does something
> like this (let's say that the user/group is deploy/deploy) :
>     sudo -u deploy unicorn -E production -c RAILS_ROOT/config/unicorn.rb -D

Did you also use sudo to start webrick?

> Then in the unicorn.rb config script I have set this :
>    user 'deploy', 'deploy'

You only need one or or the other (sudo or the "user" directive), not
both, but I don't think that's the issue...

Calling File.umask in your unicorn config file should work around the
issue for you:

  File.umask(027) # to get 0640 perms
  File.umask(007) # to get 0660 perms

You can use:   printf("0%o", File.umask)   to show the current umask, too.

I'm not sure why the "deploy" user defaults to such a restrictive umask
on your system, though.  There are _many_ things that could change/set
umask before unicorn gets started, including sudo.  Your system
administrator might know :)

> I've tried to use unicorn in socket or TCP mode, but I get the same result.

That shouldn't make a difference.  Unicorn only flips the umask
momentarily when creating a unix socket and flips it back to
the original value.

> Thanks for any help and for making Unicorn such an awesome tool.

No problem!

More information about the mongrel-unicorn mailing list