Jan, I had actually tried what you suggest (reversing the sequence of change_privilege and port binding) prior to emailing the list. It did allow me to get mongrel up as a non-root process listening on port 80, but every request to my rails app got a http response of 500. I don't know mongrel well enough to understand the reason for that, but as you said, there were other implications. :)
Thanks for taking time to hunt it down and respond. Doug On 6/22/06, Jan Svitok <[EMAIL PROTECTED]> wrote: > Right. If you want to run under another user *and* on privileged port, > you must start mongrel as root, a and when the port is bound you can > have mongrel drop it's privileges by Process.uid= or > Process::UID.change_privilege. > > Mongrel does this dropping (lib/mongrel.rb:725, in > Configurator#initialize) before the ports are bound (the block gets > executed right after the privileges drop). If these two were > exchanged, it might do what you want, although it may have other > implications, that I'm not able to tell now. > > Jano > > On 6/22/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > Port 80 is a privileged port, meaning only processes running as root can > > bind to that port. Even though you are initiating the command as root, you > > are telling mongrel it should run as user rails. Since rails != root, > > mongrel will not run on port 80 as with any -u value other than root. > _______________________________________________ > Mongrel-users mailing list > [email protected] > http://rubyforge.org/mailman/listinfo/mongrel-users > _______________________________________________ Mongrel-users mailing list [email protected] http://rubyforge.org/mailman/listinfo/mongrel-users
