Patch from Bradley Taylor allowing uid/gid change on start.

git-svn-id: svn+ssh://rubyforge.org/var/svn/mongrel/trunk@201 19e92222-5c0b-0410-8929-a290d50e31e9
2022-11-09 13:48:40 -05:00 · 2006-05-20 23:14:08 +00:00 · 2006-05-20 23:14:08 +00:00 · 77a2cd78ee
commit 77a2cd78ee
parent 1f2ada2d7b
2 changed files with 48 additions and 6 deletions
--- a/bin/mongrel_rails
+++ b/bin/mongrel_rails
@ -3,6 +3,7 @@ require 'rubygems'
 require 'yaml'
 require 'mongrel'
 require 'mongrel/rails'
+require 'etc'


 class Version < GemPlugin::Plugin "/commands"
@ -34,7 +35,9 @@ class Start < GemPlugin::Plugin "/commands"
      ['-B', '--debug', "Enable debugging mode", :@debug, false],
      ['-C', '--config PATH', "Use a config file", :@config_file, nil],
      ['-S', '--script PATH', "Load the given file as an extra config script.", :@config_script, nil],
-      ['-G', '--generate CONFIG', "Generate a config file for -C", :@generate, nil]
+      ['-G', '--generate CONFIG', "Generate a config file for -C", :@generate, nil],
+      ['-u', '--user USER', "User to run as", :@user, nil],
+      ['-g', '--group GROUP', "Group to run as", :@group, nil]
    ]
  end

@ -51,9 +54,32 @@ class Start < GemPlugin::Plugin "/commands"
    valid_exists? @mime_map, "MIME mapping file does not exist: #@mime_map" if @mime_map
    valid_exists? @config_file, "Config file not there: #@config_file" if @config_file
    valid_dir? File.dirname(@generate), "Problem accessing directory to #@generate" if @generate
+    valid_user? @user if @user
+    valid_group? @group if @group
+    
    return @valid
  end
-
+  
+  def valid_user?(user)
+    valid?(Process.uid == 0, "You must be root to change the user.")
+    begin
+      Etc.getpwnam(user)
+    rescue
+      failure "User does not exist: #{user}"
+      @valid = false
+    end
+  end
+  
+  def valid_group?(group)
+    valid?(Process.uid == 0, "You must be root to change the group.")
+    begin
+      Etc.getgrnam(group)
+    rescue
+      failure "Group does not exist: #{group}"
+      @valid = false
+    end
+  end
+  
  def run

    # command line setting override config file settings
@ -61,7 +87,8 @@ class Start < GemPlugin::Plugin "/commands"
      :log_file => @log_file, :pid_file => @pid_file, :environment => @environment,
      :docroot => @docroot, :mime_map => @mime_map, :daemon => @daemon,
      :debug => @debug, :includes => ["mongrel"], :config_script => @config_script,
-      :num_processors => @num_procs, :timeout => @timeout
+      :num_processors => @num_procs, :timeout => @timeout,
+      :user => @user, :group => @group
    }

    if @generate
--- a/lib/mongrel.rb
+++ b/lib/mongrel.rb
@ -9,7 +9,8 @@ require 'mongrel/command'
 require 'mongrel/tcphack'
 require 'yaml'
 require 'time'
-require 'rubygems' 
+require 'rubygems'
+require 'etc' 


 begin
@ -692,12 +693,26 @@ module Mongrel
      @listeners = {}
      @defaults = defaults
      @needs_restart = false
-
+      
+      change_privilege(@defaults[:user], @defaults[:group])
+      
      if blk
        cloaker(&blk).bind(self).call
      end
    end
-
+    
+    # Change privilege of the process to specified user and group.
+    def change_privilege(user, group)
+      if user
+        log "Changing user to #{user}." 
+        Process::UID.change_privilege(Etc.getpwnam(user).uid)
+      end
+      if group
+        log "Changing group to #{group}."
+        Process::GID.change_privilege(Etc.getgrnam(group).gid)
+      end
+    end
+    
    # generates a class for cloaking the current self and making the DSL nicer
    def cloaking_class
      class << self