[Mongrel] changing user/group on port 80

Will_Green at URSCorp.com Will_Green at URSCorp.com
Thu Jun 22 14:14:57 EDT 2006


Port 80 is a privileged port, meaning only processes running as root can
bind to that port. Even though you are initiating the command as root, you
are telling mongrel it should run as user rails. Since rails != root,
mongrel will not run on port 80 as with any -u value other than root.

==
Will Green
Web Developer & IT Coordinator, URS Creative Imaging
http://www.urscreativeimaging.com/


                                                                              
 This e-mail and any attachments are confidential. If you receive this        
 message in error or are not the intended recipient, you should not retain,   
 distribute, disclose or use any of this information and you should destroy   
 the e-mail and any attachments or copies.                                    
                                                                              







                                                                           
             "Doug Selph"                                                  
             <dselph at gmail.com                                             
             >                                                          To 
             Sent by:                  mongrel-users at rubyforge.org         
             mongrel-users-bou                                          cc 
             nces at rubyforge.or                                             
             g                                                     Subject 
                                       [Mongrel] changing user/group on    
                                       port 80                             
             06/22/2006 02:04                                              
             PM                                                            
                                                                           
                                                                           
             Please respond to                                             
             doug at dougselph.co                                             
             m; Please respond                                             
                    to                                                     
             mongrel-users at rub                                             
                yforge.org                                                 
                                                                           
                                                                           




I'm trying to run mongrel on port 80 and switch to a different
user/group from root. As root, this works:

mongrel_rails start -p 3000 -u rails --group rails

This:

mongrel_rails start -p 80 -u rails --group rails

dies with:

---------------------------
** Changing group to rails.
** Changing user to rails.
** Starting Mongrel listening at 0.0.0.0:80
/usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.1
/lib/mongrel/tcphack.rb:24:in
`initialize_without_backlog': Permission denied - bind(2)
(Errno::EACCES)        from
/usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.1
/lib/mongrel/tcphack.rb:24:in
`initialize'
        from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.1
/lib/mongrel.rb:500:in
`initialize'
        from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.1
/lib/mongrel.rb:822:in
`listener'
        from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.1
/bin/mongrel_rails:91:in
`cloaker_'
        from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.1
/lib/mongrel.rb:752:in
`initialize'
        from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.1
/bin/mongrel_rails:78:in
`run'
        from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.1
/lib/mongrel/command.rb:211:in
`run'
        from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.1
/bin/mongrel_rails:227
        from /usr/local/bin/mongrel_rails:18
---------------------------


It appears that the mongrel process changes privilege before binding
to port 80, which of course is not allowed for non-root process. Is
there a workaround here?
_______________________________________________
Mongrel-users mailing list
Mongrel-users at rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-users




More information about the Mongrel-users mailing list