Saturday, December 11, 2010

Quick script to run Cherokee under runit

For one of my web services I'm using the Cherokee web server, which just happens to be awesome. I don't want to run anything as root if I don't absolutely have to. Runit gives one great flexibility in the way services are managed. Part of this flexibility is the ability to delegate to users which services runit supervises for them, using their own instances of the supervisor. I won't be discussing that in this post. Instead, let's look at chpst. This is a great little utility that comes with runit and lets you start a process with different state attributes like user, group, memory, directory, and more. I use it to conditionally manage the start of the Cherokee server thusly:

# cat /var/service/cherokee/run
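#!/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/sbin:/usr/local/bin
# exec replaces the shell, so runsv supervises cherokee itself and no
# wrapper shell is left running with the caller's privileges.
if [ "$(id -u)" -eq 0 ] ; then
    # Started by root's supervisor: drop to user mirror, group www.
    exec chpst -u mirror:www cherokee -C \
           /usr/local/etc/cherokee/cherokee.conf
else
    # Started by an unprivileged user: run with that user's privileges.
    exec cherokee -C /usr/local/etc/cherokee/cherokee.conf
fi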
#

This way, when root's supervisor process (re)starts the server, the process has no elevated privileges. If any other user stops and restarts the process, it executes normally with the privileges of that user. This setup means that we cannot run on port 80, because binding a port below 1024 normally requires root privileges. As a remedy, we run on port 8080 and redirect at the gateway.
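
To confirm that the privilege drop took effect, the following added example (not part of the original post) lists runit services whose supervised process still has effective UID 0. It assumes read access to runsv's supervise/pid files; the function names and the --check argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the post): list runit services whose supervised
# process has effective UID 0. Function names are hypothetical.

# Print the effective UID of PID $1 (empty if it cannot be determined).
proc_euid() {
    euid=""
    if [ -r "/proc/$1/status" ]; then
        # Linux format: "Uid: <real> <effective> <saved> <fs>"
        while read -r key real eff rest; do
            case $key in Uid:) euid=$eff ;; esac
        done < "/proc/$1/status"
    fi
    if [ -z "$euid" ]; then
        # Fallback where /proc is absent or formatted differently (BSD).
        euid=$(ps -o uid= -p "$1" 2>/dev/null | tr -d ' ')
    fi
    printf '%s\n' "$euid"
}

# Print "service pid" for every service under directory $1 that runs as
# root; return 1 if any was found, 0 otherwise.
# runsv records in supervise/pid the PID of the run script's process, or
# of whatever that script exec'd.
root_services() {
    found=0
    for svc in "$1"/*/; do
        pidfile="${svc}supervise/pid"
        [ -s "$pidfile" ] || continue   # service is down, or not a runit dir
        pid=$(cat "$pidfile")
        [ "$(proc_euid "$pid")" = "0" ] || continue
        printf '%s %s\n' "$(basename "$svc")" "$pid"
        found=1
    done
    return "$found"
}

# Usage: sh check.sh --check [service-dir]   (default /var/service)
if [ "${1:-}" = "--check" ]; then
    root_services "${2:-/var/service}"
fi
```

A service whose run script does not exec its daemon shows up here under the PID of the wrapper shell, even when the daemon itself was started through chpst.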