From: Eric Wong <normalperson@yhbt.net>
To: unicorn list <mongrel-unicorn@rubyforge.org>
Cc: Emmanuel Gomez <emmanuel.gomez@gmail.com>
Subject: Re: Struggling with logrotate and unicorn
Date: Tue, 12 Apr 2011 22:51:05 +0000 [thread overview]
Message-ID: <20110412225105.GA20096@dcvr.yhbt.net> (raw)
In-Reply-To: <C259E8F1-99FF-4B0A-97DA-DB5DA7FCDDD0@gmail.com>
Emmanuel Gomez <emmanuel.gomez@gmail.com> wrote:
> On Apr 12, 2011, at 11:59 AM, Eric Wong wrote:
> > I'll make that more robust and release 3.6.0 sometime this week with
> > (hopefully) a few other minor improvements.
>
> Great. This is apparently an infrequent circumstance (uncommon
> configuration?), but there will be a next person who does this (or
> comparable silliness).
Yes, I think most people still deploy and start as non-root
(Capistrano/Vlad). But I also distribute init scripts and those
are usually run as root :x
> >> Thanks for your reply, I'm off to comment on the GitHub blog post
> >> to try to warn others to use Unicorn::Worker#user instead of the
> >> example code in after_fork.
> >
> > Thanks, that seems to be a general problem with people relying on
> > blog/mailing list posts instead of consistently updated
> > documentation.
>
> Indeed, but I read most of the unicorn docs, and
> examples/unicorn.conf.rb in 3.3.1 doesn't mention
> Unicorn::Worker#user, so I remained unaware until I read through
> worker.rb.
Actually the (usually) user-visible one should be
Unicorn::Configurator#user which should be in the top-level.
Worker#user is just the internal call.
> Hey, I can help here. Here's a patch:
Perhaps this is better? I added a blurb discouraging people from
running as root in the first place. You'll still get credit :)
>From c4d3cd7d7b32ed133e25e3740c8e7a3493592eec Mon Sep 17 00:00:00 2001
From: Emmanuel Gomez <emmanuel.gomez@gmail.com>
Date: Tue, 12 Apr 2011 15:36:36 -0700
Subject: [PATCH] Document "user" directive in example unicorn conf
---
examples/unicorn.conf.rb | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/examples/unicorn.conf.rb b/examples/unicorn.conf.rb
index 28a9e65..61f0b4b 100644
--- a/examples/unicorn.conf.rb
+++ b/examples/unicorn.conf.rb
@@ -12,6 +12,13 @@
# more will usually help for _short_ waits on databases/caches.
worker_processes 4
+# Since Unicorn is never exposed to outside clients, it does not need to
+# run on the standard HTTP port (80), there is no reason to start Unicorn
+# as root unless it's from system init scripts.
+# If running the master process as root and the workers as an unprivileged
+# user, do this to switch euid/egid in the workers (also chowns logs):
+# user "unprivileged_user", "unprivileged_group"
+
# Help ensure your application will always spawn in the symlinked
# "current" directory that Capistrano sets up.
working_directory "/path/to/app/current" # available in 0.94.0+
--
Eric Wong
_______________________________________________
Unicorn mailing list - mongrel-unicorn@rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-unicorn
Do not quote signatures (like this one) or top post when replying
next prev parent reply other threads:[~2011-04-12 23:24 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-12 16:13 Struggling with logrotate and unicorn Emmanuel Gomez
2011-04-12 17:58 ` Eric Wong
2011-04-12 18:36 ` Emmanuel Gomez
2011-04-12 18:59 ` Eric Wong
2011-04-12 22:38 ` Emmanuel Gomez
2011-04-12 22:51 ` Eric Wong [this message]
2011-04-12 23:01 ` Emmanuel Gomez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://yhbt.net/unicorn/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110412225105.GA20096@dcvr.yhbt.net \
--to=normalperson@yhbt.net \
--cc=emmanuel.gomez@gmail.com \
--cc=mongrel-unicorn@rubyforge.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhbt.net/unicorn.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).