Add user to worker

author: Valery Piashchynski <[email protected]> 2020-04-15 20:16:46 +0300
committer: Valery Piashchynski <[email protected]> 2020-04-15 20:16:46 +0300
commit: 6625950ac6f382f6a46bc52bf17908ef13bdc429 (patch)
tree: 486bdfd86f8f1c0a269cd9dfdf46c1f73943524e
parent: cc9c74665a9cabcfb006ab6b7a9beafb95ff7316 (diff)
5 files changed, 55 insertions, 9 deletions
diff --git a/osutil/isolate.go b/osutil/isolate.go
index d4b64fb6..387df905 100644
--- a/osutil/isolate.go
+++ b/osutil/isolate.go
@@ -4,6 +4,8 @@ package osutil
 
 import (
 	"os/exec"
+	"os/user"
+	"strconv"
 	"syscall"
 )
 
@@ -11,3 +13,27 @@ import (
 func IsolateProcess(cmd *exec.Cmd) {
 	cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true, Pgid: 0}
 }
+
+func ExecuteFromUser(cmd *exec.Cmd, u string) error {
+	usr, err := user.Lookup(u)
+	if err != nil {
+		return err
+	}
+
+	usrI32, err := strconv.Atoi(usr.Uid)
+	if err != nil {
+		return err
+	}
+
+	grI32, err := strconv.Atoi(usr.Gid)
+	if err != nil {
+		return err
+	}
+
+	cmd.SysProcAttr.Credential = &syscall.Credential{
+		Uid: uint32(usrI32),
+		Gid: uint32(grI32),
+	}
+
+	return nil
+}
diff --git a/osutil/isolate_win.go b/osutil/isolate_win.go
index ca7fca20..4a965f42 100644
--- a/osutil/isolate_win.go
+++ b/osutil/isolate_win.go
@@ -10,4 +10,4 @@ import (
 // IsolateProcess change gpid for the process to avoid bypassing signals to php processes.
 func IsolateProcess(cmd *exec.Cmd) {
 	cmd.SysProcAttr = &syscall.SysProcAttr{CreationFlags: syscall.CREATE_NEW_PROCESS_GROUP}
-}
+}
+\ No newline at end of file
diff --git a/server.go b/server.go
index 406bc0a0..d6efa132 100644
--- a/server.go
+++ b/server.go
@@ -166,7 +166,7 @@ func (s *Server) Reconfigure(cfg *ServerConfig) error {
 	pWatcher := s.pController
 	s.mu.Unlock()
 
-	pool, err := NewPool(cfg.makeCommand(), s.factory, *cfg.Pool)
+	pool, err := NewPool(s.cfg.makeCommand(), s.factory, *cfg.Pool)
 	if err != nil {
 		return err
 	}
diff --git a/server_config.go b/server_config.go
index 5403ff01..7b11e309 100644
--- a/server_config.go
+++ b/server_config.go
@@ -21,6 +21,9 @@ type ServerConfig struct {
 	// Command includes command strings with all the parameters, example: "php worker.php pipes".
 	Command string
 
+	// User under which process is starting
+	User string
+
 	// CommandProducer overwrites
 	CommandProducer CommandProducer
 
@@ -38,7 +41,7 @@ type ServerConfig struct {
 	Pool *Config
 
 	// values defines set of values to be passed to the command context.
-	mu  sync.Mutex
+	mu  *sync.Mutex
 	env map[string]string
 }
 
@@ -51,6 +54,8 @@ func (cfg *ServerConfig) InitDefaults() error {
 		cfg.Pool = &Config{}
 	}
 
+	cfg.mu = &sync.Mutex{}
+
 	return cfg.Pool.InitDefaults()
 }
 
@@ -96,7 +101,8 @@ func (cfg *ServerConfig) GetEnv() (env []string) {
 	return
 }
 
-// makeCommands returns new command provider based on configured options.
+//=================================== PRIVATE METHODS ======================================================
+
 func (cfg *ServerConfig) makeCommand() func() *exec.Cmd {
 	cfg.mu.Lock()
 	defer cfg.mu.Unlock()
@@ -105,11 +111,22 @@ func (cfg *ServerConfig) makeCommand() func() *exec.Cmd {
 		return cfg.CommandProducer(cfg)
 	}
 
-	var cmd = strings.Split(cfg.Command, " ")
+	var cmdArgs []string
+	cmdArgs = append(cmdArgs, strings.Split(cfg.Command, " ")...)
+
 	return func() *exec.Cmd {
-		cmd := exec.Command(cmd[0], cmd[1:]...)
+		cmd := exec.Command(cmdArgs[0], cmdArgs[1:]...)
 		osutil.IsolateProcess(cmd)
 
+		// if user is not empty, and OS is linux or macos
+		// execute php worker from that particular user
+		if cfg.User != "" {
+			err := osutil.ExecuteFromUser(cmd, cfg.User)
+			if err != nil {
+				return nil
+			}
+		}
+
 		cmd.Env = cfg.GetEnv()
 
 		return cmd
diff --git a/static_pool.go b/static_pool.go
index 2186227b..ac9c2529 100644
--- a/static_pool.go
+++ b/static_pool.go
@@ -26,7 +26,7 @@ type StaticPool struct {
 	factory Factory
 
 	// active task executions
-	tmu   sync.Mutex
+	tmu   *sync.Mutex
 	tasks sync.WaitGroup
 
 	// workers circular allocation buf
@@ -36,13 +36,13 @@ type StaticPool struct {
 	numDead int64
 
 	// protects state of worker list, does not affect allocation
-	muw sync.RWMutex
+	muw *sync.RWMutex
 
 	// all registered workers
 	workers []*Worker
 
 	// invalid declares set of workers to be removed from the pool.
-	remove sync.Map
+	remove *sync.Map
 
 	// pool is being destroyed
 	inDestroy int32
@@ -66,6 +66,9 @@ func NewPool(cmd func() *exec.Cmd, factory Factory, cfg Config) (*StaticPool, er
 		workers: make([]*Worker, 0, cfg.NumWorkers),
 		free:    make(chan *Worker, cfg.NumWorkers),
 		destroy: make(chan interface{}),
+		tmu:     &sync.Mutex{},
+		remove:  &sync.Map{},
+		muw:     &sync.RWMutex{},
 	}
 
 	// constant number of workers simplify logic
author	Valery Piashchynski <[email protected]>	2020-04-15 20:16:46 +0300
committer	Valery Piashchynski <[email protected]>	2020-04-15 20:16:46 +0300
commit	6625950ac6f382f6a46bc52bf17908ef13bdc429 (patch)
tree	486bdfd86f8f1c0a269cd9dfdf46c1f73943524e
parent	cc9c74665a9cabcfb006ab6b7a9beafb95ff7316 (diff)