only change privilege when starting process

Author: Michael Hale

lib/change_privilege.rb

@@ -1,24 +1,20 @@
-base_dir = File.dirname(__FILE__)
-require File.join(base_dir, 'etc_patch')
+require File.join(File.dirname(__FILE__), 'etc_patch')
 
-def change_privilege(user, group=user)
-  puts ">> Changing process privilege to #{user}:#{group}"
+class CurrentProcess
+  def self.change_privilege(user, group=user)
+    puts ">> Changing process privilege to #{user}:#{group}"
 
-  uid, gid = Process.euid, Process.egid
-  target_uid = Etc.getpwnam(user).uid
-  target_gid = Etc.getgrnam(group).gid
+    uid, gid = Process.euid, Process.egid
+    target_uid = Etc.getpwnam(user).uid
+    target_gid = Etc.getgrnam(group).gid
 
-  if uid != target_uid || gid != target_gid
-    # Change process ownership
-    Process.initgroups(user, target_gid)
-    Process::GID.change_privilege(target_gid)
-    Process::UID.change_privilege(target_uid)
+    if uid != target_uid || gid != target_gid
+      # Change process ownership
+      Process.initgroups(user, target_gid)
+      Process::GID.change_privilege(target_gid)
+      Process::UID.change_privilege(target_uid)
+    end
+  rescue Errno::EPERM => e
+    raise "Couldn't change user and group to #{user}:#{group}: #{e}"
   end
-rescue Errno::EPERM => e
-  raise "Couldn't change user and group to #{user}:#{group}: #{e}"
-end
-
-environment_stat = File.stat(File.join(base_dir, '..', 'config', 'environment.rb'))
-user = Etc.username(environment_stat.uid)
-group = Etc.groupname(environment_stat.gid)
-change_privilege(user, group)
+end

lib/daemons_patch.rb

@@ -1,20 +1,36 @@
-#Tweak the daemons code so that we can specify the logdir seperately from the piddir
-module Daemons
-  class Application
-    def logdir
-      logdir = options[:log_dir]
-      unless logdir
-        logdir = options[:dir_mode] == :system ? '/var/log' : pidfile_dir
-      end
-      logdir
+# Optionally specify the logdir seperately from the piddir
+class Daemons::Application
+  def logdir
+    logdir = options[:log_dir]
+    unless logdir
+      logdir = options[:dir_mode] == :system ? '/var/log' : pidfile_dir
     end
+    logdir
+  end
 
-    def output_logfile
-      (options[:log_output] && logdir) ? File.join(logdir, @group.app_name + '.output') : nil
-    end
+  def output_logfile
+    (options[:log_output] && logdir) ? File.join(logdir, @group.app_name + '.output') : nil
+  end
 
-    def logfile
-      logdir ? File.join(logdir, @group.app_name + '.log') : nil
+  def logfile
+    logdir ? File.join(logdir, @group.app_name + '.log') : nil
+  end
+end
+
+require File.join(File.dirname(__FILE__), 'change_privilege')
+class Daemons::Application
+  alias :old_initialize :initialize 
+  class_eval %{
+    def initialize(*args, &block)
+      old_initialize(*args, &block)
+      change_privilege
     end
+  }
+
+  def change_privilege
+    environment_stat = File.stat(File.join(File.dirname(__FILE__), '..', 'config', 'environment.rb'))
+    user = Etc.username(environment_stat.uid)
+    group = Etc.groupname(environment_stat.gid)
+    CurrentProcess.change_privilege(user, group)
   end
-end
+end

script/email_notifier

@@ -4,7 +4,6 @@ root = File.expand_path(File.dirname(__FILE__) + '/../')
 require 'rubygems'
 require 'daemons'
 require root + '/lib/daemons_patch'
-require root + '/lib/change_privilege'
 
 Daemons.run_proc(
   "email_notifier", 

script/rss_feed_fetcher_daemon

@@ -4,7 +4,6 @@ root = File.expand_path(File.dirname(__FILE__) + '/../')
 require 'rubygems'
 require 'daemons'
 require root + '/lib/daemons_patch'
-require root + '/lib/change_privilege'
 
 Daemons.run(
   File.join(root, 'script', 'rss_feed_fetcher.rb'),