fix issue #137. Use our own way to unlink temporary files so we can set

permissions and umask on it.
2026-01-14 11:09:11 +08:00 · 2010-12-20 13:51:03 +01:00 · 2010-12-20 13:51:03 +01:00 · 3ef8688fcc
commit 3ef8688fcc
parent 8eca403d89
3 changed files with 28 additions and 7 deletions
--- a/gunicorn/config.py
+++ b/gunicorn/config.py
@ -210,7 +210,9 @@ def validate_callable(arity):
 def validate_user(val):
    if val is None:
        return os.geteuid()
-    elif val.isdigit() or isinstance(val, int):
+    if isinstance(val, int):
+        return val
+    elif val.isdigit():
        return int(val)
    else:
        try:
@ -221,7 +223,10 @@ def validate_user(val):
 def validate_group(val):
    if val is None:
        return os.getegid()
-    elif val.isdigit() or isinstance(val, int):
+
+    if isinstance(val, int):
+        return val
+    elif val.isdigit():
        return int(val)
    else:
        try:
@ -459,7 +464,7 @@ class User(Setting):
    cli = ["-u", "--user"]
    meta = "USER"
    validator = validate_user
-    default = None
+    default = os.geteuid()
    desc = """\
        Switch worker processes to run as this user.
        
@ -474,7 +479,7 @@ class Group(Setting):
    cli = ["-g", "--group"]
    meta = "GROUP"
    validator = validate_group
-    default = None
+    default = os.getegid()
    desc = """\
        Switch worker process to run as this group.
        
--- a/gunicorn/workers/base.py
+++ b/gunicorn/workers/base.py
@ -49,7 +49,7 @@ class Worker(object):
        self.log = logging.getLogger(__name__)
        self.debug = cfg.debug
        self.address = self.socket.getsockname()
-        self.tmp = WorkerTmp() 
+        self.tmp = WorkerTmp(cfg) 
        
    def __str__(self):
        return "<Worker %s>" % self.pid
--- a/gunicorn/workers/workertmp.py
+++ b/gunicorn/workers/workertmp.py
@ -6,10 +6,26 @@
 import os
 import tempfile

+from gunicorn import util
+
 class WorkerTmp(object):

-    def __init__(self):
-        self._tmp = tempfile.TemporaryFile(prefix="wgunicorn-")
+    def __init__(self, cfg):
+        old_umask = os.umask(cfg.umask)
+        fd, name = tempfile.mkstemp(prefix="wgunicorn-")
+        
+        # allows the process to write to the file
+        util.chown(name, cfg.uid, cfg.gid)
+        os.umask(old_umask)
+
+        # unlink the file so we don't leak tempory files
+        try:
+            os.unlink(name)
+            self._tmp = os.fdopen(fd, 'w+b', 1)
+        except:
+            os.close(fd)
+            raise
+
        self.spinner = 0

    def notify(self):