NAME
Mojolicious::Plugin::SetUserGroup - Mojolicious plugin to set unprivileged credentials
SYNOPSIS
# Mojolicious
$self->plugin(SetUserGroup => {user => $user, group => $group});
# Mojolicious::Lite
plugin SetUserGroup => {user => $user, group => $group};
# Production mode only
plugin SetUserGroup => {user => $user, group => $group}
if $self->mode eq 'production';
# Root only
plugin SetUserGroup => {user => $user, group => $group}
if $< == 0 or $> == 0;
DESCRIPTION
This plugin is intended to replace the setuidgid
functionality of Mojo::Server. It should be loaded in application startup and it will change the user and group credentials of the process when Mojo::IOLoop is started, which occurs in each worker process of a Mojo::Server::Prefork daemon like hypnotoad.
This allows an application to be started as root so it can bind to privileged ports such as port 80 or 443, but run worker processes as unprivileged users. However, if the application is not started as root, it will most likely fail to change credentials. So, you should only set the user/group when the application is started as root.
This module requires Unix::Groups and thus will only work on Unix-like systems like Linux, OS X, and BSD.
METHODS
Mojolicious::Plugin::SetUserGroup inherits all methods from Mojolicious::Plugin and implements the following new ones.
register
$plugin->register(Mojolicious->new, {user => $user, group => $group});
Install callback to change process credentials on the next Mojo::IOLoop tick. If option user
is undefined, no credential change will occur. If option group
is undefined but user
is defined, the group will be set to a group matching the user name. If credential changes fail, an error will be logged and the process will be stopped.
AUTHOR
Dan Book, dbook@cpan.org
CONTRIBUTORS
COPYRIGHT AND LICENSE
Copyright 2015, Dan Book.
This library is free software; you may redistribute it and/or modify it under the terms of the Artistic License version 2.0.