fcgiwrap listening to a unix socket file: how to change file permissions
Posted
by
user36520
on Super User
See other posts from Super User
or by user36520
Published on 2012-07-06T08:27:51Z
Indexed on
2012/07/06
9:18 UTC
Read the original article
Hit count: 350
I have a web server (nginx) and a CGI application (gitweb) that is ran with fcgiwrap to enable Fast CGI access to it. I want the Fast CGI protocol to take place over a unix socket file.
To start the fcgiwrap daemon, I run:
setuidgid git fcgiwrap -s "unix:$PWD/fastcgi.sock"
(this is a daemontools daemon)
The problem is that my web server runs as the user www-data
and not the user git
. And fcgiwrap
creates the socket fastcgi.sock
with user git
, group git
and read only fort the non owner. Thus, nginc with the user www-data
can't access the socket.
Apparently, fcgiwrap is not able to select permissions of unix socket files. And this is quite annoying. Moreover, if I manage to have the socket file exists before I run fcgiwrap
(which is quite difficult given I did not find any shell command to create a socket file), it quits with the following error:
Failed to bind: Address already in use
The only solution I found is to start the server the following way:
rm -f fastcgi.sock # Ensure that the socket doesn't already exists
(sleep 5; chgrp www-data fastcgi.sock; chmod g+w fastcgi.sock) &
exec setuidgid git fcgiwrap -s "unix:$PWD/fastcgi.sock"
Which is far from the most elegant solution. Can you think of anything better ?
Thanks
© Super User or respective owner