Merge #302

302: Add user to worker r=48d90782 a=48d90782 Co-authored-by: Valery Piashchynski <[email protected]>
author: bors[bot] <26634292+bors[bot]@users.noreply.github.com> 2020-04-16 09:14:02 +0000
committer: GitHub <[email protected]> 2020-04-16 09:14:02 +0000
commit: ec4824c60f51254b91fd39bc5b32a74640ff0fd9 (patch)
tree: 8b6021dff7b2dee533596b06dd384f4a7b70ee6d
parent: cc9c74665a9cabcfb006ab6b7a9beafb95ff7316 (diff)
parent: 54044ab8db2336d01d8251d6ff9c93ece6eb514c (diff)
5 files changed, 56 insertions, 8 deletions
diff --git a/osutil/isolate.go b/osutil/isolate.go
index d4b64fb6..387df905 100644
--- a/osutil/isolate.go
+++ b/osutil/isolate.go
@@ -4,6 +4,8 @@ package osutil
 
 import (
 	"os/exec"
+	"os/user"
+	"strconv"
 	"syscall"
 )
 
@@ -11,3 +13,27 @@ import (
 func IsolateProcess(cmd *exec.Cmd) {
 	cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true, Pgid: 0}
 }
+
+func ExecuteFromUser(cmd *exec.Cmd, u string) error {
+	usr, err := user.Lookup(u)
+	if err != nil {
+		return err
+	}
+
+	usrI32, err := strconv.Atoi(usr.Uid)
+	if err != nil {
+		return err
+	}
+
+	grI32, err := strconv.Atoi(usr.Gid)
+	if err != nil {
+		return err
+	}
+
+	cmd.SysProcAttr.Credential = &syscall.Credential{
+		Uid: uint32(usrI32),
+		Gid: uint32(grI32),
+	}
+
+	return nil
+}
diff --git a/osutil/isolate_win.go b/osutil/isolate_win.go
index ca7fca20..52fb5d8a 100644
--- a/osutil/isolate_win.go
+++ b/osutil/isolate_win.go
@@ -11,3 +11,7 @@ import (
 func IsolateProcess(cmd *exec.Cmd) {
 	cmd.SysProcAttr = &syscall.SysProcAttr{CreationFlags: syscall.CREATE_NEW_PROCESS_GROUP}
 }
+
+func ExecuteFromUser(cmd *exec.Cmd, u string) error {
+	return nil
+}
+\ No newline at end of file
diff --git a/server_config.go b/server_config.go
index 5403ff01..32ff0ebc 100644
--- a/server_config.go
+++ b/server_config.go
@@ -21,6 +21,9 @@ type ServerConfig struct {
 	// Command includes command strings with all the parameters, example: "php worker.php pipes".
 	Command string
 
+	// User under which process will be started
+	User string
+
 	// CommandProducer overwrites
 	CommandProducer CommandProducer
 
@@ -96,7 +99,8 @@ func (cfg *ServerConfig) GetEnv() (env []string) {
 	return
 }
 
-// makeCommands returns new command provider based on configured options.
+//=================================== PRIVATE METHODS ======================================================
+
 func (cfg *ServerConfig) makeCommand() func() *exec.Cmd {
 	cfg.mu.Lock()
 	defer cfg.mu.Unlock()
@@ -105,11 +109,22 @@ func (cfg *ServerConfig) makeCommand() func() *exec.Cmd {
 		return cfg.CommandProducer(cfg)
 	}
 
-	var cmd = strings.Split(cfg.Command, " ")
+	var cmdArgs []string
+	cmdArgs = append(cmdArgs, strings.Split(cfg.Command, " ")...)
+
 	return func() *exec.Cmd {
-		cmd := exec.Command(cmd[0], cmd[1:]...)
+		cmd := exec.Command(cmdArgs[0], cmdArgs[1:]...)
 		osutil.IsolateProcess(cmd)
 
+		// if user is not empty, and OS is linux or macos
+		// execute php worker from that particular user
+		if cfg.User != "" {
+			err := osutil.ExecuteFromUser(cmd, cfg.User)
+			if err != nil {
+				return nil
+			}
+		}
+
 		cmd.Env = cfg.GetEnv()
 
 		return cmd
diff --git a/service/limit/service_test.go b/service/limit/service_test.go
index 856ff1a6..b358c1c1 100644
--- a/service/limit/service_test.go
+++ b/service/limit/service_test.go
@@ -63,7 +63,7 @@ func Test_Service_PidEcho(t *testing.T) {
 
 		err := c.Init(&testCfg{
 			httpCfg: `{
-			"address": ":7029",
+			"address": ":17029",
 			"workers":{
 				"command": "php ../../tests/http/client.php pid pipes",
 				"pool": {"numWorkers": 1}
@@ -92,7 +92,7 @@ func Test_Service_PidEcho(t *testing.T) {
 		}()
 
 		time.Sleep(time.Millisecond * 100)
-		req, err := http.NewRequest("GET", "http://localhost:7029", nil)
+		req, err := http.NewRequest("GET", "http://localhost:17029", nil)
 		if err != nil {
 			return err
 		}
diff --git a/static_pool.go b/static_pool.go
index 2186227b..ac9c2529 100644
--- a/static_pool.go
+++ b/static_pool.go
@@ -26,7 +26,7 @@ type StaticPool struct {
 	factory Factory
 
 	// active task executions
-	tmu   sync.Mutex
+	tmu   *sync.Mutex
 	tasks sync.WaitGroup
 
 	// workers circular allocation buf
@@ -36,13 +36,13 @@ type StaticPool struct {
 	numDead int64
 
 	// protects state of worker list, does not affect allocation
-	muw sync.RWMutex
+	muw *sync.RWMutex
 
 	// all registered workers
 	workers []*Worker
 
 	// invalid declares set of workers to be removed from the pool.
-	remove sync.Map
+	remove *sync.Map
 
 	// pool is being destroyed
 	inDestroy int32
@@ -66,6 +66,9 @@ func NewPool(cmd func() *exec.Cmd, factory Factory, cfg Config) (*StaticPool, er
 		workers: make([]*Worker, 0, cfg.NumWorkers),
 		free:    make(chan *Worker, cfg.NumWorkers),
 		destroy: make(chan interface{}),
+		tmu:     &sync.Mutex{},
+		remove:  &sync.Map{},
+		muw:     &sync.RWMutex{},
 	}
 
 	// constant number of workers simplify logic
author	bors[bot] <26634292+bors[bot]@users.noreply.github.com>	2020-04-16 09:14:02 +0000
committer	GitHub <[email protected]>	2020-04-16 09:14:02 +0000
commit	ec4824c60f51254b91fd39bc5b32a74640ff0fd9 (patch)
tree	8b6021dff7b2dee533596b06dd384f4a7b70ee6d
parent	cc9c74665a9cabcfb006ab6b7a9beafb95ff7316 (diff)
parent	54044ab8db2336d01d8251d6ff9c93ece6eb514c (diff)