Starting lighttpd/Rails apps as user, not root


#1

Hi everyone,

When I want something to start at boot, I put it into /etc/rc*. The
service will start as root, though.

How do I make it start as a particular user? I’m worried about the
machine going down and me not being around to pick my app back up when
it does.

I think this would also help my SwitchTower issue of having 8 fastcgi
processes running for the app. 4 started by lighttpd, and 4
started/restarted when I deploy. Since the deployment user can’t kill
the root-run fastcgi processes, they stay running.

Thanks,

Sean


#2

Sean H. wrote:

Hi everyone,

When I want something to start at boot, I put it into /etc/rc*. The
service will start as root, though.

How do I make it start as a particular user? I’m worried about the
machine going down and me not being around to pick my app back up when
it does.

I think this would also help my SwitchTower issue of having 8 fastcgi
processes running for the app. 4 started by lighttpd, and 4
started/restarted when I deploy. Since the deployment user can’t kill
the root-run fastcgi processes, they stay running.

Thanks,

Sean

add a cronjob at @reboot this will get executed at…well…reboot…

M


#3

On Wed, 2006-02-01 at 14:33 -0500, Sean H. wrote:

Hi everyone,

When I want something to start at boot, I put it into /etc/rc*. The
service will start as root, though.

How do I make it start as a particular user? I’m worried about the
machine going down and me not being around to pick my app back up when
it does.


su - some_user -c ‘/usr/sbin/lighttpd’ &

I think this would also help my SwitchTower issue of having 8 fastcgi
processes running for the app. 4 started by lighttpd, and 4
started/restarted when I deploy. Since the deployment user can’t kill
the root-run fastcgi processes, they stay running.


I wouldn’t know about this

Craig


#4

In your lighttpd.conf you can specify user and and group and then (on
Debian anyway) when it does the /etc/init.d/lighttpd start at bootup
it will spawn as that user.

server.username = “www-data”
server.groupname = “www-data”

Michael T.


#5

Michael and Brian, that’s the thing. Thanks!

On 2/1/06, Brian V. Hughes removed_email_address@domain.invalid wrote:

Yes. It makes the auto-deployment of your changed app code much smoother. Just
make sure you tell lighttpd to become the user that SwitchTower logs in as and
you should be all set. That’s basically what I’m doing for all my Rails apps,
although I don’t have ST wired into my deployment process, just yet…

Yes, that’s how I have it working now. The only missing piece was the
server-running-as-user.

Thanks again!

Sean


#6

Sean H. wrote:

When I want something to start at boot, I put it into /etc/rc*. The
service will start as root, though.

How do I make it start as a particular user? I’m worried about the
machine going down and me not being around to pick my app back up when
it does.

I’m far from being a Unix guru, but your subject line specifically
mentions
lighttpd, which is something I can offer some assistance on.

Basically, you always want root to launch lighttpd, for a production
Rails app,
but what you do is you tell lighttpd to change its user and group when
it
launches. You do that with these lines in your lighttpd.conf:

server.username = “foo”
server.groupname = “bar”

Since lighttpd is run as root, it can pretty much change its user and
group, at
will. The advantage is that since the lighttpd process becomes owned by
user
“foo”, any child processes launched by lighttpd are also owned by user
“foo”. So
when you have lighttpd launch the FastCGI listeners, they will be owned
by user
“foo”.

I think this would also help my SwitchTower issue of having 8 fastcgi
processes running for the app. 4 started by lighttpd, and 4
started/restarted when I deploy. Since the deployment user can’t kill
the root-run fastcgi processes, they stay running.

Yes. It makes the auto-deployment of your changed app code much
smoother. Just
make sure you tell lighttpd to become the user that SwitchTower logs in
as and
you should be all set. That’s basically what I’m doing for all my Rails
apps,
although I don’t have ST wired into my deployment process, just yet…

-Brian