about summary refs log tree commit homepage
diff options
context:
space:
mode:
authorJeremy Evans <code@jeremyevans.net>2018-09-13 11:16:38 -0700
committerEric Wong <e@80x24.org>2018-09-13 22:44:22 +0000
commit47fddb53aa0b7763f353ba515cf3fb5b2059f4f7 (patch)
tree735385efe5f8b8d1871f4bb114d324a0e8494aff
parent080bbe7a14bdb0373eaf25384003e51eec6ab748 (diff)
Previously, Unicorn always used the process's primary group as the
the group of the log file.  However, there are reasons to use a
separate group for the log files, such as when you have many
applications where each application uses it's own user and primary
group, but you want to be able to have a user read the log files
for all applications.  Some operating systems have a fairly small
limit on the number of groups per user, and it may not be feasible
to have a user be in the primary group for all applications.
a primary group
-rw-r--r--lib/unicorn/worker.rb18
1 files changed, 16 insertions, 2 deletions
diff --git a/lib/unicorn/worker.rb b/lib/unicorn/worker.rb
index 68de17e..5ddf379 100644
--- a/lib/unicorn/worker.rb
+++ b/lib/unicorn/worker.rb
@@ -122,6 +122,11 @@ class Unicorn::Worker
   # the +after_fork+ hook after any privileged functions need to be
   # run (e.g. to set per-worker CPU affinity, niceness, etc)
   #
+  # +group+ can be specified as a string, or as an array of two
+  # strings.  If an array of two strings is given, the first string
+  # is used as the primary group of the process, and the second is
+  # used as the group of the log files.
+  #
   # Any and all errors raised within this method will be propagated
   # directly back to the caller (usually the +after_fork+ hook.
   # These errors commonly include ArgumentError for specifying an
@@ -134,8 +139,17 @@ class Unicorn::Worker
     # insufficient because modern systems have fine-grained
     # capabilities.  Let the caller handle any and all errors.
     uid = Etc.getpwnam(user).uid
-    gid = Etc.getgrnam(group).gid if group
-    Unicorn::Util.chown_logs(uid, gid)
+
+    if group
+      if group.is_a?(Array)
+        group, log_group = group
+        log_gid = Etc.getgrnam(log_group).gid
+      end
+      gid = Etc.getgrnam(group).gid
+      log_gid ||= gid
+    end
+
+    Unicorn::Util.chown_logs(uid, log_gid)
     if gid && Process.egid != gid
       Process.initgroups(user, gid)
       Process::GID.change_privilege(gid)