[Mongrel] changing user/group on port 80

Doug Selph dselph at gmail.com
Fri Jun 23 19:06:10 EDT 2006


An update here: I am now running mongrel behind an apache2 daemon that
is listening on port 80 and proxying to mongrel. However, I was
curious if something I encountered today would resolve the problem I
had after reversing the sequence of dropping privs and binding
privileged port, so I repeated that change on my dev box and tried it.
It turns out that the error I got when I tried that was a result of
the user specified with --user not owning the session files in
RAILS_ROOT/tmp/sessions. Once I corrected that condition, the change
in lib/mongrel.rb did the trick. Thought you might want to know that.

Thanks again for your response yesterday.


On 6/22/06, Jan Svitok <jan.svitok at gmail.com> wrote:
> Right. If you want to run under another user *and* on privileged port,
> you must start mongrel as root, a and when the port is bound you can
> have mongrel drop it's privileges by Process.uid= or
> Process::UID.change_privilege.
> Mongrel does this dropping (lib/mongrel.rb:725, in
> Configurator#initialize) before the ports are bound (the block gets
> executed right after the privileges drop). If these two were
> exchanged, it might do what you want, although it may have other
> implications, that I'm not able to tell now.
> Jano
> On 6/22/06, Will_Green at urscorp.com <Will_Green at urscorp.com> wrote:
> > Port 80 is a privileged port, meaning only processes running as root can
> > bind to that port. Even though you are initiating the command as root, you
> > are telling mongrel it should run as user rails. Since rails != root,
> > mongrel will not run on port 80 as with any -u value other than root.
> _______________________________________________
> Mongrel-users mailing list
> Mongrel-users at rubyforge.org
> http://rubyforge.org/mailman/listinfo/mongrel-users

More information about the Mongrel-users mailing list