Avoid unnecessary chown of temporary files

When Gunicorn is configured to change the effective user or group of the worker processes, it changes the owner and group fo the the temporary files used for interprocess communication. With this change, Gunicorn does not change the owner or group of the files if the worker processes will run as the current effective user and gorup. This change avoids calling chown when it is not necessary, which may allow Gunicorn to be used in environments that restrict use of the chown syscall. Relates to #2059.
2026-01-14 11:09:11 +08:00 · 2019-06-16 23:50:45 -04:00 · 2019-06-16 23:50:45 -04:00 · 40802904eb
commit 40802904eb
parent f38f717539
1 changed files with 5 additions and 3 deletions
--- a/gunicorn/workers/workertmp.py
+++ b/gunicorn/workers/workertmp.py
@ -21,11 +21,13 @@ class WorkerTmp(object):
        if fdir and not os.path.isdir(fdir):
            raise RuntimeError("%s doesn't exist. Can't create workertmp." % fdir)
        fd, name = tempfile.mkstemp(prefix="wgunicorn-", dir=fdir)
-
-        # allows the process to write to the file
-        util.chown(name, cfg.uid, cfg.gid)
        os.umask(old_umask)

+        # change the owner and group of the file if the worker will run as
+        # a different user or group, so that the worker can modify the file
+        if cfg.uid != os.geteuid() or cfg.gid != os.getegid():
+            util.chown(name, cfg.uid, cfg.gid)
+
        # unlink the file so we don't leak tempory files
        try:
            if not IS_CYGWIN: