[Mongrel] Allowing for mongrel-cluster to start with different users specified in YAML

Gunnar Wolf gwolf at gwolf.org
Wed Mar 11 13:08:19 EDT 2009


Hi,

This issue came to my attention after a bug report against the Debian
packaging of mongrel-cluster [1]: 

The mongrel-cluster startup script, mongrel_cluster_ctl, assumes
either it is being run with root privileges (and each of the
configured Mongrel services should specify in its configuration file
which user it should run as) or it is run under a regular system user
(and no configuration files should specify a user to run as). The
configuration setup for the Debian package pushed towards the second
situation, switching to the regular system-wide web applications user
(www-data). 

However, this situation is suboptimal for many installations - Say, I
host several developers' services at my machine and I want each of my
Mongrels to run under the given developer UID/GID. So, what I do is to
specify in each of the config files the 'user' and 'group' keys.

Now, if mongrel_cluster_ctl is called as root, this will succeed - But
if a user didn't specify user/group, his process will run as root. Bad
situation. 

Please consider the attached patch (which is the same I sent to the
Debian bugtracker, minus the Debian-initscript-specific hunks). It
allows for --user and --group options to be given to
mongrel_cluster_ctl, specifying the default user and group to run
individual Mongrels at, and which are overriden by
configuration-supplied entries.

The attached patch was made against the current SVN tree, at the root.

Greetings,

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500424

-- 
Gunnar Wolf - gwolf at gwolf.org - (+52-55)5623-0154 / 1451-2244
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mongrel.patch
Type: text/x-diff
Size: 4515 bytes
Desc: not available
URL: <http://rubyforge.org/pipermail/mongrel-users/attachments/20090311/fd56705f/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://rubyforge.org/pipermail/mongrel-users/attachments/20090311/fd56705f/attachment-0003.bin>


More information about the Mongrel-users mailing list