fcgiwrap listening to a unix socket file: how to change file permissions

Posted by user36520 on Super User
Published on 2012-07-06T08:27:51Z Indexed on 2012/07/06 9:18 UTC

I have a web server (nginx) and a CGI application (gitweb) that is run with fcgiwrap to enable FastCGI access to it. I want the FastCGI protocol to take place over a unix socket file.

To start the fcgiwrap daemon, I run:

setuidgid git fcgiwrap -s "unix:$PWD/fastcgi.sock"

(this is a daemontools daemon)

The problem is that my web server runs as the user www-data and not the user git. And fcgiwrap creates the socket fastcgi.sock with user git, group git and read-only for the non-owner. Thus, nginx with the user www-data can't access the socket.

Apparently, fcgiwrap is not able to select the permissions of unix socket files, and this is quite annoying. Moreover, if I manage to have the socket file exist before I run fcgiwrap (which is quite difficult given I did not find any shell command to create a socket file), it quits with the following error:

Failed to bind: Address already in use

The only solution I found is to start the server the following way:

rm -f fastcgi.sock # Ensure that the socket doesn't already exist
(sleep 5; chgrp www-data fastcgi.sock; chmod g+w fastcgi.sock) &
exec setuidgid git fcgiwrap -s "unix:$PWD/fastcgi.sock"

Which is far from the most elegant solution. Can you think of anything better?

Thanks
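
An added example, not part of the original post: a launcher that creates the socket itself, fixes owner, group and mode before listen() so there is no sleep-based race, then hands the listening socket to fcgiwrap on file descriptor 0. It assumes fcgiwrap started without -s accepts a listen socket on fd 0 (the FastCGI convention) and that the launcher starts as root; the function names and the 0660 mode are choices made here.

```python
import errno, grp, os, pwd, socket, stat, sys

def make_listen_socket(path, mode=0o660, uid=-1, gid=-1, backlog=128):
    """Bind a Unix socket whose permissions are final before listen()."""
    try:
        if stat.S_ISSOCK(os.lstat(path).st_mode):
            os.unlink(path)           # stale socket left by a previous run
    except FileNotFoundError:
        pass
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)       # bind() creates the file as 0600
    try:
        sock.bind(path)
    except OSError:
        sock.close()
        raise
    finally:
        os.umask(old_umask)
    os.chown(path, uid, gid)          # -1 leaves that id unchanged
    os.chmod(path, mode)              # widen only after ownership is set
    sock.listen(backlog)              # nobody can connect before this line
    return sock

def bind_error_on_existing(path):
    """Return the errno seen when a second socket binds to an existing path."""
    probe = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        probe.bind(path)
    except OSError as exc:
        return exc.errno              # bind() never reuses an existing file
    finally:
        probe.close()
    return 0

def main(sock_path, run_as="git", web_group="www-data"):
    user = pwd.getpwnam(run_as)
    web_gid = grp.getgrnam(web_group).gr_gid
    sock = make_listen_socket(sock_path, 0o660, user.pw_uid, web_gid)
    os.dup2(sock.fileno(), 0)         # assumption: fcgiwrap listens on fd 0
    os.setgroups([])                  # drop root's supplementary groups
    os.setgid(user.pw_gid)
    os.setuid(user.pw_uid)
    os.execvp("fcgiwrap", ["fcgiwrap"])

if __name__ == "__main__":
    main(sys.argv[1])
```

With owner git, group www-data and mode 0660, only those two accounts can connect to the socket; other local users are refused by the file permissions.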

© Super User or respective owner
