<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"># HG changeset patch<br># User Kunal Pariani <<a href="mailto:kpariani@zimbra.com">kpariani@zimbra.com</a>><br># Date 1407194790 25200<br>#      Mon Aug 04 16:26:30 2014 -0700<br># Node ID f25ab24517bb5e45b1b7fa1a1502b907f2cff213<br># Parent  f8764e20fcd7f87d98fe97f82b2a8d0a77ed9097<br>The directives such as user, rlimit_core should also be effective on master process<br><br>diff -r f8764e20fcd7 -r f25ab24517bb src/os/unix/ngx_process_cycle.c<br>--- a/src/os/unix/ngx_process_cycle.c<span class="Apple-tab-span" style="white-space: pre;">      </span>Fri Aug 01 20:39:22 2014 -0700<br>+++ b/src/os/unix/ngx_process_cycle.c<span class="Apple-tab-span" style="white-space: pre;">     </span>Mon Aug 04 16:26:30 2014 -0700<br>@@ -93,6 +93,7 @@<br>    ngx_msec_t         delay;<br>    ngx_listening_t   *ls;<br>    ngx_core_conf_t   *ccf;<br>+    struct rlimit      rlmt;<br><br>    sigemptyset(&set);<br>    sigaddset(&set, SIGCHLD);<br>@@ -139,6 +140,64 @@<br><br>    ngx_start_worker_processes(cycle, ccf->worker_processes,<br>                               NGX_PROCESS_RESPAWN);<br>+<br>+    if (ccf->rlimit_nofile != NGX_CONF_UNSET) {<br>+    <span class="Apple-tab-span" style="white-space: pre;">      </span>rlmt.rlim_cur = (rlim_t) ccf->rlimit_nofile;<br>+    <span class="Apple-tab-span" style="white-space: pre;">     </span>rlmt.rlim_max = (rlim_t) ccf->rlimit_nofile;<br>+<br>+    <span class="Apple-tab-span" style="white-space: pre;">  </span>if (setrlimit(RLIMIT_NOFILE, &rlmt) == -1) {<br>+    <span class="Apple-tab-span" style="white-space: pre;">    </span><span class="Apple-tab-span" style="white-space: pre;">  </span>ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno,<br>+    <span class="Apple-tab-span" style="white-space: pre;">      </span><span class="Apple-tab-span" style="white-space: pre;">  </span><span class="Apple-tab-span" style="white-space: pre;">  </span><span class="Apple-tab-span" style="white-space: pre;">  </span>"setrlimit(RLIMIT_NOFILE, %i) failed",<br>+    <span class="Apple-tab-span" style="white-space: pre;">    </span><span class="Apple-tab-span" style="white-space: pre;">  </span><span class="Apple-tab-span" style="white-space: pre;">  </span><span class="Apple-tab-span" style="white-space: pre;">  </span>ccf->rlimit_nofile);<br>+        }<br>+    }<br>+<br>+    if (ccf->rlimit_core != NGX_CONF_UNSET) {<br>+    <span class="Apple-tab-span" style="white-space: pre;">  </span>rlmt.rlim_cur = (rlim_t) ccf->rlimit_core;<br>+    <span class="Apple-tab-span" style="white-space: pre;">       </span>rlmt.rlim_max = (rlim_t) ccf->rlimit_core;<br>+<br>+    <span class="Apple-tab-span" style="white-space: pre;">    </span>if (setrlimit(RLIMIT_CORE, &rlmt) == -1) {<br>+    <span class="Apple-tab-span" style="white-space: pre;">      </span><span class="Apple-tab-span" style="white-space: pre;">  </span>ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno,<br>+    <span class="Apple-tab-span" style="white-space: pre;">      </span><span class="Apple-tab-span" style="white-space: pre;">  </span><span class="Apple-tab-span" style="white-space: pre;">  </span><span class="Apple-tab-span" style="white-space: pre;">  </span>"setrlimit(RLIMIT_CORE, %O) failed",<br>+    <span class="Apple-tab-span" style="white-space: pre;">      </span><span class="Apple-tab-span" style="white-space: pre;">  </span><span class="Apple-tab-span" style="white-space: pre;">  </span><span class="Apple-tab-span" style="white-space: pre;">  </span>ccf->rlimit_core);<br>+        }<br>+    }<br>+<br>+#ifdef RLIMIT_SIGPENDING<br>+    if (ccf->rlimit_sigpending != NGX_CONF_UNSET) {<br>+    <span class="Apple-tab-span" style="white-space: pre;">   </span>rlmt.rlim_cur = (rlim_t) ccf->rlimit_sigpending;<br>+    <span class="Apple-tab-span" style="white-space: pre;"> </span>rlmt.rlim_max = (rlim_t) ccf->rlimit_sigpending;<br>+<br>+    <span class="Apple-tab-span" style="white-space: pre;">      </span>if (setrlimit(RLIMIT_SIGPENDING, &rlmt) == -1) {<br>+    <span class="Apple-tab-span" style="white-space: pre;">        </span><span class="Apple-tab-span" style="white-space: pre;">  </span>ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno,<br>+    <span class="Apple-tab-span" style="white-space: pre;">      </span><span class="Apple-tab-span" style="white-space: pre;">  </span><span class="Apple-tab-span" style="white-space: pre;">  </span><span class="Apple-tab-span" style="white-space: pre;">  </span>"setrlimit(RLIMIT_SIGPENDING, %i) failed",<br>+    <span class="Apple-tab-span" style="white-space: pre;">        </span><span class="Apple-tab-span" style="white-space: pre;">  </span><span class="Apple-tab-span" style="white-space: pre;">  </span><span class="Apple-tab-span" style="white-space: pre;">  </span>ccf->rlimit_sigpending);<br>+        }<br>+    }<br>+#endif<br>+<br>+    if (geteuid() == 0) {<br>+    <span class="Apple-tab-span" style="white-space: pre;">    </span>if (setgid(ccf->group) == -1) {<br>+    <span class="Apple-tab-span" style="white-space: pre;">  </span><span class="Apple-tab-span" style="white-space: pre;">  </span>ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,<br>+    <span class="Apple-tab-span" style="white-space: pre;">      </span><span class="Apple-tab-span" style="white-space: pre;">  </span><span class="Apple-tab-span" style="white-space: pre;">  </span><span class="Apple-tab-span" style="white-space: pre;">  </span>"setgid(%d) failed", ccf->group);<br>+            /* fatal */<br>+    <span class="Apple-tab-span" style="white-space: pre;">     </span><span class="Apple-tab-span" style="white-space: pre;">  </span>exit(2);<br>+        }<br>+<br>+        if (initgroups(ccf->username, ccf->group) == -1) {<br>+        <span class="Apple-tab-span" style="white-space: pre;">    </span>ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,<br>+        <span class="Apple-tab-span" style="white-space: pre;">      </span><span class="Apple-tab-span" style="white-space: pre;">  </span><span class="Apple-tab-span" style="white-space: pre;">  </span>"initgroups(%s, %d) failed",<br>+        <span class="Apple-tab-span" style="white-space: pre;">      </span><span class="Apple-tab-span" style="white-space: pre;">  </span><span class="Apple-tab-span" style="white-space: pre;">  </span>ccf->username, ccf->group);<br>+        }<br>+<br>+        if (setuid(ccf->user) == -1) {<br>+        <span class="Apple-tab-span" style="white-space: pre;">  </span>ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,<br>+        <span class="Apple-tab-span" style="white-space: pre;">      </span><span class="Apple-tab-span" style="white-space: pre;">  </span><span class="Apple-tab-span" style="white-space: pre;">  </span>"setuid(%d) failed", ccf->user);<br>+            /* fatal */<br>+        <span class="Apple-tab-span" style="white-space: pre;">      </span>exit(2);<br>+        }<br>+    }<br>+<br>    ngx_start_cache_manager_processes(cycle, 0);<br><br>    ngx_new_binary = 0;<div><br></div><div>Thanks</div><div>-Kunal</div></body></html>