Changing ownership of unicorn worker processes

[Joseph Hammerman]

Hello Capistrano users email list,

I'm attempting to set up what I think is not an uncommon configuration: a dedicated, unprivileged 'deploy' user, who then hands off execution to a dedicated application user. In the unicorn.rb's that are prevalent as examples on the web, something similar to:

after_fork do |server, worker|

  uid, gid = Process.euid, Process.egid

  user, group = 'smp', 'smp'

  target_uid = Etc.getpwnam(user).uid

  target_gid = Etc.getgrnam(group).gid

  worker.tmp.chown(target_uid, target_gid)

Is popular. However, as 'deploy' user I cannot execute on this. I am ok with setting up passwordless sudo to the appropriate commands. So the questions then are:

Is it possible to escalate the execution privileges of a single line of ruby code?

If not, how can I get the pids of the worker processes in order to input them into the shell escape? Should I write them out to a file?

As an aside, how can I obtain and reference the RAILS_ENV variable in Capistrano 3? There is a good amount of conflicting information available, none of which seemed to function correctly for me.

Thanks,

Joseph Hammerman

Versions:

• Ruby 2.0.0p247
• Capistrano 2.15.5
• Rake 10.2.2 
• Rails 4.0.2

Platform:

• Working on CentOS 6.3
• Deploying to Ubuntu 12.04.4

Files:

http://pastebin.com/vFkJBkwX