[Mongrel] mongrel service security needs on Win2k3

Matthew McKnight matt.mcknight at gmail.com
Tue Jun 12 11:37:44 EDT 2007

Hello all,

I have mongrel service 0.3.2 running on Win2003 64-bit, special thanks to
Luis for getting that running. You are a great asset!

I am trying to figure out exactly what rights are needed by the account that
is running the service. It works if I give it a domain account with local
admin privileges, but it doesn't work if I give it a domain account without
local admin.  I was tracing things and it looked like it was checking for
access to the system32 directory and the ntdll.dll file. I gave the account
modify access to system32, but no dice. No errors in the mongrel_service.log
or servicefb.log.

My security guy is wanting me to trace through the code to see what it's
touching, he's not going to let the service account run with local admin
privileges for long.

For reference, I can run the thing under srvany.exe without local admin
rights, and it runs just fine. But that solution is unacceptable because it
doesn't kill the processes, making me do my own imitation of mongrel service
and write down the process ids of the processes as they start up, so I know
which service goes with which process when I try to have an orderly
shutdown. I only have about 8 mongrels running on the server, but it's an 8
core beasty, so I am looking to add more once I get this straight.

-Matt McKnight-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://rubyforge.org/pipermail/mongrel-users/attachments/20070612/a2a8c3f5/attachment.html 

More information about the Mongrel-users mailing list