Hi, This issue came to my attention after a bug report against the Debian packaging of mongrel-cluster [1]:
The mongrel-cluster startup script, mongrel_cluster_ctl, assumes either it is being run with root privileges (and each of the configured Mongrel services should specify in its configuration file which user it should run as) or it is run under a regular system user (and no configuration files should specify a user to run as). The configuration setup for the Debian package pushed towards the second situation, switching to the regular system-wide web applications user (www-data). However, this situation is suboptimal for many installations - Say, I host several developers' services at my machine and I want each of my Mongrels to run under the given developer UID/GID. So, what I do is to specify in each of the config files the 'user' and 'group' keys. Now, if mongrel_cluster_ctl is called as root, this will succeed - But if a user didn't specify user/group, his process will run as root. Bad situation. Please consider the attached patch (which is the same I sent to the Debian bugtracker, minus the Debian-initscript-specific hunks). It allows for --user and --group options to be given to mongrel_cluster_ctl, specifying the default user and group to run individual Mongrels at, and which are overriden by configuration-supplied entries. The attached patch was made against the current SVN tree, at the root. Greetings, [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500424 -- Gunnar Wolf - gw...@gwolf.org - (+52-55)5623-0154 / 1451-2244 PGP key 1024D/8BB527AF 2001-10-23 Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF
Index: trunk/projects/mongrel_cluster/lib/mongrel_cluster/init.rb =================================================================== --- trunk/projects/mongrel_cluster/lib/mongrel_cluster/init.rb (revision 1037) +++ trunk/projects/mongrel_cluster/lib/mongrel_cluster/init.rb (working copy) @@ -58,8 +58,10 @@ def start read_options - - argv = @options['mongrel_rails'] + @options['user'] ||= @user + @options['group'] ||= @group + + argv = [ "mongrel_rails" ] argv << "start" argv << "-d" argv << "-e #...@options['environment']}" if @options['environment'] @@ -103,7 +105,7 @@ def stop read_options - argv = @options['mongrel_rails'] + argv = [ "mongrel_rails" ] argv << "stop" argv << "-c #...@options["cwd"]}" if @options["cwd"] argv << "-f" if @force @@ -230,6 +232,8 @@ options [ ['-C', '--config PATH', "Path to cluster configuration file", :@config_file, "config/mongrel_cluster.yml"], ['-v', '--verbose', "Print all called commands and output.", :@verbose, false], + ['-u', '--user USER', "Default user to run process as, if not specified in configuration files", :@user, nil], + ['-g', '--group GROUP', "Default group to run process as, if not specified in configuration files", :@group, nil], ['', '--clean', "Remove pid_file if needed before starting", :@clean, false], ['', '--only PORT', "Port number of cluster member", :@only, nil] ] @@ -300,7 +304,6 @@ ['-C', '--config PATH', "Path to cluster configuration file", :@config_file, "config/mongrel_cluster.yml"], ['', '--user USER', "User to run as", :@user, nil], ['', '--group GROUP', "Group to run as", :@group, nil], - ['', '--mongrel_rails PATH', "Full path to mongrel_rails script", :@mongrel_rails, "mongrel_rails"], ['', '--prefix PREFIX', "Rails prefix to use", :@prefix, nil] ] end @@ -335,7 +338,6 @@ @options["user"] = @user if @user @options["group"] = @group if @group @options["prefix"] = @prefix if @prefix - @options["mongrel_rails"] = @mongrel_rails if @mongrel_rails log "Writing configuration file to #...@config_file}." File.open(@config_file,"w") {|f| f.write(@options.to_yaml)} Index: trunk/projects/mongrel_cluster/bin/mongrel_cluster_ctl =================================================================== --- trunk/projects/mongrel_cluster/bin/mongrel_cluster_ctl (revision 1037) +++ trunk/projects/mongrel_cluster/bin/mongrel_cluster_ctl (working copy) @@ -3,12 +3,14 @@ require 'optparse' -def run(command, verbose, clean=false) +def run(command, verbose, clean=false, user=nil, group=nil) Dir.chdir @options[:conf_path] do confs = Dir.glob("*.yml") confs += Dir.glob("*.conf") confs.each do |conf| cmd = "mongrel_rails cluster::#{command} -C #{conf}" + cmd += " --user #{user}" if user + cmd += " --group #{group}" if group cmd += " -v" if verbose cmd += " --clean" if clean puts cmd if verbose || command == "status" @@ -30,6 +32,8 @@ opts.on("-c", "--conf_path PATH", "Path to mongrel_cluster configuration files") { |value| @options[:conf_path] = value } opts.on('-v', '--verbose', "Print all called commands and output.") { |value| @options[:verbose] = value } opts.on('--clean', "Remove pid files if needed beforehand.") { |value| @options[:clean] = value } + opts.on('--user USER', "Default user to run process as, if not specified in configuration files") { |value| @options[:user] = value } + opts.on('--group GROUP', "Default group to run process as, if not specified in configuration files") { |value| @options[:group] = value } if ARGV.empty? puts opts @@ -52,14 +56,14 @@ case @cmd[0] when "start": puts "Starting all mongrel_clusters..." - run "start", @options[:verbose], @options[:clean] + run "start", @options[:verbose], @options[:clean], @options[:user], @options[:group] when "stop": puts "Stopping all mongrel_clusters..." run "stop", @options[:verbose], @options[:clean] when "restart": puts "Restarting all mongrel_clusters..." run "stop", @options[:verbose], @options[:clean] - run "start", @options[:verbose], @options[:clean] + run "start", @options[:verbose], @options[:clean], @options[:user], @options[:group] when "status": puts "Checking all mongrel_clusters..." run "status", @options[:verbose]
pgpg6AfM9g9oq.pgp
Description: PGP signature
_______________________________________________ Mongrel-users mailing list Mongrel-users@rubyforge.org http://rubyforge.org/mailman/listinfo/mongrel-users