Calling sudo without -u defaults to running as root. So, logging in as
foobar and doing "sudo" runs the command as root, which works because
only root can bind to ports less than 1024 (or thereabouts).

On the other hand, logging in as you and running "sudo -u foobar" runs
the command as foobar, and foobar doesn't have sufficient permissions
to bind to a port less than 1024.

If you were to log in as yourself and do sudo without the "-u foobar",
I suspect it would work, too. (Assuming you can sudo as root.)

Hope that makes sense.

- Jamis

On Wed, Dec 10, 2008 at 11:11 AM, jfrankov <[EMAIL PROTECTED]> wrote:
>
> This may actually be a question about some nuance of sudo, but maybe
> someone out there knows anyway. I'm trying to restart my
> mongrel_cluster, using cap 2.5.0 (via webistrano) but I'm getting an
> error.
>
> Here's the relevant part of my config:
>  set :user, "foobar"
>  set :use_sudo, true
>  set :runner, "foobar"
>
> (foobar is in /etc/sudoers and works fine via commandline, and for
> those who are interested, webistrano itself is also running as user
> foobar)
>
>
> When I run the deploy:restart task, I get this in the output:
>
>  * executing "sudo -p 'sudo password: ' -u foobar mongrel_rails
> cluster::start -C /srv/www/app/production/current/config/
> mongrel_cluster_production.yml --clean"
>  [irvsrddev6.flight.yellowpages.com] executing command
>  ** [out :: irvsrddev6.flight.yellowpages.com] starting port 80
>
> But this error appears in the log:
>
> ** Daemonized, any open files are closed.  Look at tmp/pids/mongrel.
> 80.pid and log/mongrel.80.log for info.
> ** Starting Mongrel listening at 0.0.0.0:80
> /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel/
> tcphack.rb:12:in `initialize_without_backlog': Permission denied - bind
> (2) (Errno::EACCES)
>        from /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel/
> tcphack.rb:12:in `initialize'
>        from /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel.rb:
> 93:in `new'
>        from /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel.rb:
> 93:in `initialize'
>        from /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel/
> configurator.rb:139:in `new'
>        from /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel/
> configurator.rb:139:in `listener'
>        from /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/mongrel_rails:
> 99:in `cloaker_'
>        from /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel/
> configurator.rb:50:in `call'
>        from /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel/
> configurator.rb:50:in `initialize'
>        from /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/mongrel_rails:
> 84:in `new'
>        from /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/mongrel_rails:
> 84:in `run'
>        from /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel/
> command.rb:212:in `run'
>        from /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/mongrel_rails:281
>        from /usr/bin/mongrel_rails:19:in `load'
>        from /usr/bin/mongrel_rails:19
>
>
> If I log in to the server as foobar, and run the exact same command
> that cap does, I get the same error:
>
> [EMAIL PROTECTED] $ sudo -p 'sudo password: ' -u foobar mongrel_rails
> cluster::start -C /srv/www/frontrunner/production/current/config/
> mongrel_cluster_production.yml --clean
> /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel/
> tcphack.rb:12:in `initialize_without_backlog': Permission denied - bind
> (2) (Errno::EACCES)
>
>
> However, if I ssh to the server as foobar, and run the command
> manually, it works fine!
>
> [EMAIL PROTECTED] $ ssh [EMAIL PROTECTED]
> [EMAIL PROTECTED] $ sudo mongrel_rails cluster::start -C /srv/www/
> frontrunner/production/current/config/mongrel_cluster_production.yml --
> clean
>
> ** Daemonized, any open files are closed.  Look at tmp/pids/mongrel.
> 80.pid and log/mongrel.80.log for info.
> ** Starting Mongrel listening at 0.0.0.0:80
> ** Initiating groups for "foobar":"foobar".
> ** Changing group to "foobar".
> ** Changing user to "foobar".
> ** Starting Rails with production environment...
> /usr/lib/ruby/gems/1.8/gems/mongrel_cluster-1.0.5/lib/mongrel_cluster/
> init.rb:9: warning: already initialized constant STATUS_OK
> /usr/lib/ruby/gems/1.8/gems/mongrel_cluster-1.0.5/lib/mongrel_cluster/
> init.rb:10: warning: already initialized constant STATUS_ERROR
> ** Rails loaded.
> ** Loading any Rails specific GemPlugins
> ** Signals ready.  TERM => stop.  USR2 => restart.  INT => stop (no
> restart).
> ** Rails signals registered.  HUP => reload (without restart).  It
> might not work well.
> ** Mongrel 1.1.5 available at 0.0.0.0:80
> ** Writing PID file to tmp/pids/mongrel.80.pid
>
>
> The main difference seems to be that it breaks when sudo is being
> invoked with the -u switch. So my question is: why does it work when
> user foobar calls sudo interactively, but *not* when cap calls sudo as
> the foobar user?
>
> Any tips or help would be greatly appreciated.
>
> Thanks!
> -Jason
>
>
> >
>

--~--~---------~--~----~------------~-------~--~----~
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/capistrano
-~----------~----~----~----~------~----~------~--~---
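
The working run quoted above binds port 80 as root and only then logs "Initiating groups", "Changing group" and "Changing user". The Ruby sketch below shows that bind-then-drop order; it is an added example, not part of the original thread and not Mongrel's or Capistrano's code. The function names are hypothetical, and the sysctl path assumes a Linux host.

```ruby
require 'socket'
require 'etc'

# Lowest port an unprivileged process may bind. Linux exposes this as a
# sysctl; fall back to the traditional 1024 where the file is absent.
def unprivileged_port_start
  Integer(File.read('/proc/sys/net/ipv4/ip_unprivileged_port_start').strip)
rescue SystemCallError, ArgumentError
  1024
end

# True when binding `port` requires privilege on this host.
def privileged_port?(port, start: unprivileged_port_start)
  port.positive? && port < start
end

# Permanently become `user`. Order matters: supplementary groups, then gid,
# then uid, because after the uid changes the process can no longer set groups.
def drop_to(user)
  target = Etc.getpwnam(user)            # ArgumentError if the user is unknown
  return if target.uid.zero?             # asked to stay root: nothing to drop
  Process.initgroups(user, target.gid)
  Process::GID.change_privilege(target.gid)
  Process::UID.change_privilege(target.uid)
  raise 'privilege drop failed' if Process.uid.zero? || Process.euid.zero?
end

# Bind while still privileged, then shed root before serving any request.
def listen_and_drop(port, user, host: '0.0.0.0')
  server = TCPServer.new(host, port)
  drop_to(user) if Process.euid.zero?
  server
rescue Errno::EACCES
  # The "sudo -u foobar" case from the thread: already unprivileged at bind time.
  raise Errno::EACCES, "uid #{Process.euid} cannot bind port #{port}"
end

if $PROGRAM_NAME == __FILE__
  puts "port 80 needs privilege on this host: #{privileged_port?(80)}"
end
```

Started through plain sudo, `listen_and_drop(80, 'foobar')` returns a listening socket owned by a process that is no longer root; started through `sudo -u foobar`, the bind itself raises `Errno::EACCES` wherever port 80 is still privileged.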