[Mongrel] changing user/group on port 80

Doug Selph dselph at gmail.com
Thu Jun 22 18:26:28 EDT 2006


Jan,

I had actually tried what you suggest (reversing the sequence of
change_privilege and port binding) prior to emailing the list. It did
allow me to get mongrel up as a non-root process listening on port 80,
but every request to my rails app got a http response of 500. I don't
know mongrel well enough to understand the reason for that, but as you
said, there were other implications. :)

Thanks for taking time to hunt it down and respond.

Doug


On 6/22/06, Jan Svitok <jan.svitok at gmail.com> wrote:
> Right. If you want to run under another user *and* on privileged port,
> you must start mongrel as root, a and when the port is bound you can
> have mongrel drop it's privileges by Process.uid= or
> Process::UID.change_privilege.
>
> Mongrel does this dropping (lib/mongrel.rb:725, in
> Configurator#initialize) before the ports are bound (the block gets
> executed right after the privileges drop). If these two were
> exchanged, it might do what you want, although it may have other
> implications, that I'm not able to tell now.
>
> Jano
>
> On 6/22/06, Will_Green at urscorp.com <Will_Green at urscorp.com> wrote:
> > Port 80 is a privileged port, meaning only processes running as root can
> > bind to that port. Even though you are initiating the command as root, you
> > are telling mongrel it should run as user rails. Since rails != root,
> > mongrel will not run on port 80 as with any -u value other than root.
> _______________________________________________
> Mongrel-users mailing list
> Mongrel-users at rubyforge.org
> http://rubyforge.org/mailman/listinfo/mongrel-users
>


More information about the Mongrel-users mailing list