on irc jbergstroem noticed that gunicorn behavior is different than

nginx one in the way it manages processes uid/gid. Only nginx workers get uid/gid and master if launch as root stay root. This patch give ti gunicorn the same behavior.
2026-01-14 11:09:11 +08:00 · 2010-02-22 14:20:06 +01:00 · 2010-02-22 14:20:06 +01:00 · 6c12f313e3
commit 6c12f313e3
parent 0a2585fdc0
6 changed files with 55 additions and 31 deletions
--- a/gunicorn/arbiter.py
+++ b/gunicorn/arbiter.py
@ -356,7 +356,7 @@ class Arbiter(object):
                continue
            worker = Worker(i, self.pid, self.LISTENER, self.modname,
-                        self.timeout/2.0, self.debug)
+                        self.timeout/2.0, self.conf)
            self.conf.before_fork(self, worker)
            pid = os.fork()
            if pid != 0:
--- a/gunicorn/config.py
+++ b/gunicorn/config.py
@ -3,7 +3,9 @@
 # This file is part of gunicorn released under the MIT license. 
 # See the NOTICE for more information.
 import grp
 import os
 import pwd
 import sys
 from gunicorn import util
@ -104,13 +106,37 @@ class Config(object):
    @property
    def umask(self):
-        if not self.conf['umask']:
+        if not self.conf.get('umask'):
            return 0
        umask = self.conf['umask']
        if isinstance(umask, basestring):
            return int(umask, 0)
        return umask
    @property
    def uid(self):
        if not self.conf.get('user'):
            return os.geteuid()
        user =  self.conf.get('user')
        if user.isdigit() or isinstance(user, int):
            uid = int(user)
        else:
            uid = pwd.getpwnam(user).pw_uid
        return uid
    @property
    def gid(self):
        if not self.conf.get('group'):
            return os.getegid()
        group = self.conf.get('group')
        if group.isdigit() or isinstance(group, int):
            gid = int(group)
        else:
            gid = grp.getgrnam(group).gr_gid
        return gid
    def _hook(self, hookname, *args):
        hook = self.conf.get(hookname)
--- a/gunicorn/main.py
+++ b/gunicorn/main.py
@ -3,12 +3,9 @@
 # This file is part of gunicorn released under the MIT license. 
 # See the NOTICE for more information.
 import ctypes
 import grp
 import logging
 import optparse as op
 import os
 import pwd
 import pkg_resources
 import sys
@ -99,26 +96,7 @@ def daemonize(umask):
        os.dup2(0, 1)
        os.dup2(0, 2)
-def set_owner_process(user,group):
+
    """ set user and group of workers processes """
    if group:
        if group.isdigit() or isinstance(group, int):
            gid = int(group)
        else:
            gid = grp.getgrnam(group).gr_gid
        try:
            os.setgid(gid)
        except OverflowError:
            # versions of python < 2.6.2 don't manage unsigned int for
            # groups like on osx or fedora
            os.setgid(-ctypes.c_int(-gid).value)
    if user:
        if user.isdigit() or isinstance(user, int):
            uid = int(user)
        else:
            uid = pwd.getpwnam(user).pw_uid
        os.setuid(uid)
 def main(usage, get_app):
    """ function used by different runners to setup options 
@ -137,7 +115,6 @@ def main(usage, get_app):
    else:
        os.umask(conf['umask'])
        os.setpgrp()
    set_owner_process(conf['user'], conf['group']) 
    configure_logging(conf)
    arbiter.run()
@ -173,7 +150,6 @@ def paste_server(app, global_conf=None, host="127.0.0.1", port=None,
    else:
        os.umask(conf['umask'])
        os.setpgrp()
    set_owner_process(conf["user"], conf["group"])
    configure_logging(conf)
    arbiter.run()
--- a/gunicorn/management/commands/run_gunicorn.py
+++ b/gunicorn/management/commands/run_gunicorn.py
@ -71,7 +71,6 @@ class Command(BaseCommand):
            else:
                os.umask(conf['umask'])
                os.setpgrp()
            set_owner_process(conf["user"], conf["group"])
            configure_logging(conf)
            arbiter.run()
        except WSGIServerException, e:
--- a/gunicorn/util.py
+++ b/gunicorn/util.py
@ -3,6 +3,7 @@
 # This file is part of gunicorn released under the MIT license. 
 # See the NOTICE for more information.
 import ctypes
 import errno
 import fcntl
 import os
@ -29,7 +30,25 @@ monthname = [None,
             'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun',
             'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec']
-
+def set_owner_process(uid,gid):
    """ set user and group of workers processes """
    if gid:
        try:
            os.setgid(gid)
        except OverflowError:
            # versions of python < 2.6.2 don't manage unsigned int for
            # groups like on osx or fedora
            os.setgid(-ctypes.c_int(-gid).value)
    if uid:
        os.setuid(uid)
 def chown(path, uid, gid):
    try:
        os.chown(path, uid, gid)
    except OverflowError:
        os.chown(path, uid, -ctypes.c_int(-gid).value)
 def parse_address(host, port=None, default_port=8000):
    if host.startswith("unix:"):
        return host.split("unix:")[1]
--- a/gunicorn/worker.py
+++ b/gunicorn/worker.py
@ -27,14 +27,16 @@ class Worker(object):
    PIPE = []
-    def __init__(self, workerid, ppid, socket, app, timeout, debug=False):
+    def __init__(self, workerid, ppid, socket, app, timeout, conf):
        self.nr = 0
        self.id = workerid
        self.ppid = ppid
-        self.debug = debug
+        self.debug = conf['debug']
        self.conf = conf
        self.socket = socket
        self.timeout = timeout
        self.fd, self.tmpname = tempfile.mkstemp(prefix="wgunicorn-")
        util.chown(self.tmpname, conf.uid, conf.gid)
        self.tmp = os.fdopen(self.fd, "r+b")
        self.app = app
        self.alive = True
@ -81,6 +83,8 @@ class Worker(object):
            os.chmod(self.tmpname, self.spinner)
    def init_process(self):
        util.set_owner_process(self.conf.uid, self.conf.gid)
        # init pipe
        self.PIPE = os.pipe()
        map(util.set_non_blocking, self.PIPE)