about summary refs log tree commit homepage
path: root/lib/unicorn/worker.rb
diff options
context:
space:
mode:
authorEric Wong <normalperson@yhbt.net>2010-08-27 21:45:33 +0000
committerEric Wong <normalperson@yhbt.net>2010-10-04 21:01:27 +0000
commit5b6a97ff54d029d433b79eee1549e6f99464c48b (patch)
tree7413f030f953dde2ef0127670196252d93d3bef1 /lib/unicorn/worker.rb
parent50c11036dd4898ccfed8b3e0552e88c67b6c63a9 (diff)
downloadunicorn-5b6a97ff54d029d433b79eee1549e6f99464c48b.tar.gz
This hopefully makes things easier to read, follow, and find
since it's mostly documentation...
Diffstat (limited to 'lib/unicorn/worker.rb')
-rw-r--r--lib/unicorn/worker.rb40
1 files changed, 40 insertions, 0 deletions
diff --git a/lib/unicorn/worker.rb b/lib/unicorn/worker.rb
new file mode 100644
index 0000000..fd8d20e
--- /dev/null
+++ b/lib/unicorn/worker.rb
@@ -0,0 +1,40 @@
+# -*- encoding: binary -*-
+
+# This class and its members can be considered a stable interface
+# and will not change in a backwards-incompatible fashion between
+# releases of Unicorn.  You may need to access it in the
+# before_fork/after_fork hooks.  See the Unicorn::Configurator RDoc
+# for examples.
+class Unicorn::Worker < Struct.new(:nr, :tmp, :switched)
+
+  # worker objects may be compared to just plain numbers
+  def ==(other_nr)
+    self.nr == other_nr
+  end
+
+  # Changes the worker process to the specified +user+ and +group+
+  # This is only intended to be called from within the worker
+  # process from the +after_fork+ hook.  This should be called in
+  # the +after_fork+ hook after any priviledged functions need to be
+  # run (e.g. to set per-worker CPU affinity, niceness, etc)
+  #
+  # Any and all errors raised within this method will be propagated
+  # directly back to the caller (usually the +after_fork+ hook.
+  # These errors commonly include ArgumentError for specifying an
+  # invalid user/group and Errno::EPERM for insufficient priviledges
+  def user(user, group = nil)
+    # we do not protect the caller, checking Process.euid == 0 is
+    # insufficient because modern systems have fine-grained
+    # capabilities.  Let the caller handle any and all errors.
+    uid = Etc.getpwnam(user).uid
+    gid = Etc.getgrnam(group).gid if group
+    Unicorn::Util.chown_logs(uid, gid)
+    tmp.chown(uid, gid)
+    if gid && Process.egid != gid
+      Process.initgroups(user, gid)
+      Process::GID.change_privilege(gid)
+    end
+    Process.euid != uid and Process::UID.change_privilege(uid)
+    self.switched = true
+  end
+end