El Lunes, 28 de Diciembre de 2009, Eric Wong escribió: > > The master process would start properly and would notify "success" to > > grandparent. (so the init script returns 0). But the fact is that all the > > workers fail to start and are respawned again and again. > > For that particular case there'll be a Unicorn::Configurator#user > directive. > > But really, there's absolutely no good reason to use user switching in a > backend application server like Unicorn. > > I only added that feature to support derivative servers like Rainbows!, > and even then it's debatable since using things like iptables or load > balancers can be used to redirect port 80 to arbitrary ports anyways.
Well, chaning the running user it's common in most of servers. I've already found lots of cases of attacks to Apache servers running some "cool" PHP application (so we get exploits in /tmp or/var/tmp as they are the only writable paths for "www-data" user running apache). However it's true that Unicorn approach (worker.user) is different as the master process remains as root (but since the master process doesn't listen it shouldn't matter). So, do you mean that there will be a new configuration option called "user" (and "group") so also themaster process would run as such user? Thanks. -- Iñaki Baz Castillo <i...@aliax.net> _______________________________________________ Unicorn mailing list - mongrel-unicorn@rubyforge.org http://rubyforge.org/mailman/listinfo/mongrel-unicorn Do not quote signatures (like this one) or top post when replying
