| commit | 72c32f2902886bf205ae7ea412909c41dda1a95e | |
| author | Eric Wong <normalperson@yhbt.net> | |
| Mon, 6 Apr 2009 02:15:53 +0000 (5 19:15 -0700) | ||
| committer | Eric Wong <normalperson@yhbt.net> | |
| Mon, 6 Apr 2009 02:15:53 +0000 (5 19:15 -0700) | ||
| tree | 956fe1c85d68199da8a5d135fa3314c0a634b8d7 | treesnapshot (tar.gz zip) |
| parent | 539ca9a0efc692edde5448d3e4007d35372e033d | commitdiff |
Enforce umask 0000 with UNIX domain sockets
I can't think of a good reason to ever use restrictive
permissions with UNIX domain sockets for an HTTP server.
Since some folks run their nginx on port 80 and then
have it drop permissions, we need to ensure our socket
is readable and writable across the board.
The reason I'm respecting the existing umask at all (instead of
using 0000 across the board like most daemonizers) is because
the admin may want to restrict access (especially write access)
to log files.
I can't think of a good reason to ever use restrictive
permissions with UNIX domain sockets for an HTTP server.
Since some folks run their nginx on port 80 and then
have it drop permissions, we need to ensure our socket
is readable and writable across the board.
The reason I'm respecting the existing umask at all (instead of
using 0000 across the board like most daemonizers) is because
the admin may want to restrict access (especially write access)
to log files.
| lib/unicorn/socket.rb | diffblobblamehistory | |
| test/unit/test_socket_helper.rb | diffblobblamehistory |