From 3ef8688fcc9367704c56e4d24f1a355957b3bd77 Mon Sep 17 00:00:00 2001
From: benoitc
Date: Mon, 20 Dec 2010 13:51:03 +0100
Subject: [PATCH] fix issue #137. Use our own way to unlink temporary files so we can set permissions and umask on it.
---
 gunicorn/config.py | 13 +++++++++----
 gunicorn/workers/base.py | 2 +-
 gunicorn/workers/workertmp.py | 20 ++++++++++++++++++--
 3 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/gunicorn/config.py b/gunicorn/config.py
index ada81f19..f6e45f56 100644
--- a/gunicorn/config.py
+++ b/gunicorn/config.py
@@ -210,7 +210,9 @@ def validate_callable(arity):
 def validate_user(val):
 if val is None:
 return os.geteuid()
- elif val.isdigit() or isinstance(val, int):
+ if isinstance(val, int):
+ return val
+ elif val.isdigit():
 return int(val)
 else:
 try:
@@ -221,7 +223,10 @@ def validate_user(val):
 def validate_group(val):
 if val is None:
 return os.getegid()
- elif val.isdigit() or isinstance(val, int):
+
+ if isinstance(val, int):
+ return val
+ elif val.isdigit():
 return int(val)
 else:
 try:
@@ -459,7 +464,7 @@ class User(Setting):
 cli = ["-u", "--user"]
 meta = "USER"
 validator = validate_user
- default = None
+ default = os.geteuid()
 desc = """\
 Switch worker processes to run as this user.
@@ -474,7 +479,7 @@ class Group(Setting):
 cli = ["-g", "--group"]
 meta = "GROUP"
 validator = validate_group
- default = None
+ default = os.getegid()
 desc = """\
 Switch worker process to run as this group.
diff --git a/gunicorn/workers/base.py b/gunicorn/workers/base.py
index e6cea2b4..04d77eae 100644
--- a/gunicorn/workers/base.py
+++ b/gunicorn/workers/base.py
@@ -49,7 +49,7 @@ class Worker(object):
 self.log = logging.getLogger(__name__)
 self.debug = cfg.debug
 self.address = self.socket.getsockname()
- self.tmp = WorkerTmp()
+ self.tmp = WorkerTmp(cfg)
 def __str__(self):
 return "" % self.pid
diff --git a/gunicorn/workers/workertmp.py b/gunicorn/workers/workertmp.py
index 6de282c2..a43a7387 100644
--- a/gunicorn/workers/workertmp.py
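Review bot: In validate_user the new `isinstance(val, int)` branch returns the value unchecked, so a negative or out-of-range id is accepted as configuration; on POSIX an id of -1 passed to chown means "leave unchanged", which would silently skip the ownership change. Consider rejecting it in that branch, e.g. `if val < 0: raise ValueError("invalid user id: %r" % val)`, or with whatever error the name-lookup branch raises (that branch continues past the end of the hunk). The same applies to the matching branch in the validate_group hunk. As a point of style, an `if … return` followed by a separate `if … elif` reads more clearly as one `if`/`elif` chain, and the two validators now differ by a stray blank line.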
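Review bot: `default = os.geteuid()` in the User setting is evaluated once, when the class body runs at import time, not when the configuration is applied; if the effective uid can change between import and worker start-up (not visible from this hunk), the recorded default is stale. validate_user already maps `None` to `os.geteuid()` when it is called, so keeping `default = None` and making sure the validator also runs for the default would resolve the id at the point of use. If the eager value is intended, say so with a comment such as `# resolved at import time; validate_user(None) yields the same value lazily`. The Group hunk has the same pattern with `os.getegid()`.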
+++ b/gunicorn/workers/workertmp.py
@@ -6,10 +6,26 @@
 import os
 import tempfile
+from gunicorn import util
+
 class WorkerTmp(object):
- def __init__(self):
- self._tmp = tempfile.TemporaryFile(prefix="wgunicorn-")
+ def __init__(self, cfg):
+ old_umask = os.umask(cfg.umask)
+ fd, name = tempfile.mkstemp(prefix="wgunicorn-")
+
+ # allows the process to write to the file
+ util.chown(name, cfg.uid, cfg.gid)
+ os.umask(old_umask)
+
+ # unlink the file so we don't leak tempory files
+ try:
+ os.unlink(name)
+ self._tmp = os.fdopen(fd, 'w+b', 1)
+ except:
+ os.close(fd)
+ raise
+
 self.spinner = 0
 def notify(self):
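Review bot: In WorkerTmp.__init__ the `util.chown(name, …)` call and the umask restore sit outside the `try`, so if chown raises, the descriptor stays open, the file is left behind in the temp directory and the process keeps running with `cfg.umask`. The ownership change also goes through the path name after creation, which resolves a path in a shared directory a second time; applying it to the open descriptor (`os.fchown`, where the supported Python versions provide it) after the unlink avoids that. Restoring the umask in a `finally` directly around `mkstemp` keeps the altered mask as short-lived as possible. If `util.chown` carries handling that is not visible in this hunk, keep it but move it inside the `try`. The comment typo `tempory` can be fixed at the same time.

```python
    def __init__(self, cfg):
        old_umask = os.umask(cfg.umask)
        try:
            fd, name = tempfile.mkstemp(prefix="wgunicorn-")
        finally:
            os.umask(old_umask)

        try:
            # unlink first so no failure below can leave the file behind
            os.unlink(name)
            # let the worker write to the file; acts on the open descriptor
            os.fchown(fd, cfg.uid, cfg.gid)
            self._tmp = os.fdopen(fd, 'w+b', 1)
        except:
            os.close(fd)
            raise
        # … unchanged: spinner initialisation …
```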