From 8f6f64076bfc41acf34cd9f295a9b9fe606d8e73 Mon Sep 17 00:00:00 2001
From: florian
Date: Mon, 13 Aug 2018 16:54:50 +0000
Subject: [PATCH] Make the owner of fcgi socket configurable. Andrew Daugherity (andrew.daugherity AT gmail) pointed out that this is helpful for his port to linux. For example on openSUSE nginx and Apache run as different users so a compile time default user won't cut it. Man page tweaks jmc@ While here, consistently log users at debug level; from Andrew.
---
 usr.sbin/slowcgi/slowcgi.8 | 11 +++++++++--
 usr.sbin/slowcgi/slowcgi.c | 18 ++++++++++++------
 2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/usr.sbin/slowcgi/slowcgi.8 b/usr.sbin/slowcgi/slowcgi.8
index 8e9340e7acb..3d162c93c2c 100644
--- a/usr.sbin/slowcgi/slowcgi.8
+++ b/usr.sbin/slowcgi/slowcgi.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: slowcgi.8,v 1.13 2018/08/01 11:47:29 florian Exp $
+.\" $OpenBSD: slowcgi.8,v 1.14 2018/08/13 16:54:50 florian Exp $
 .\"
 .\" Copyright (c) 2013 Florian Obser
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: August 1 2018 $
+.Dd $Mdocdate: August 13 2018 $
 .Dt SLOWCGI 8
 .Os
 .Sh NAME
@@ -25,6 +25,7 @@
 .Op Fl d
 .Op Fl p Ar path
 .Op Fl s Ar socket
+.Op Fl U Ar user
 .Op Fl u Ar user
 .Sh DESCRIPTION
 .Nm
@@ -75,6 +76,12 @@ effectively disables the chroot.
 .It Fl s Ar socket
 Create and bind to alternative local socket at
 .Ar socket .
+.It Fl U Ar user
+Change the owner of
+.Pa /var/www/run/slowcgi.sock
+to
+.Ar user
+and its primary group instead of the default www:www.
 .It Fl u Ar user
 Drop privileges to
 .Ar user
diff --git a/usr.sbin/slowcgi/slowcgi.c b/usr.sbin/slowcgi/slowcgi.c
index a9a90b2db1f..8d8c970d861 100644
--- a/usr.sbin/slowcgi/slowcgi.c
+++ b/usr.sbin/slowcgi/slowcgi.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: slowcgi.c,v 1.52 2017/07/04 12:48:36 florian Exp $ */
+/* $OpenBSD: slowcgi.c,v 1.53 2018/08/13 16:54:50 florian Exp $ */
 /*
 * Copyright (c) 2013 David Gwynne
 * Copyright (c) 2013 Florian Obser
@@ -256,7 +256,8 @@ __dead void
 usage(void)
 {
 extern char *__progname;
- fprintf(stderr, "usage: %s [-d] [-p path] [-s socket] [-u user]\n",
+ fprintf(stderr,
+ "usage: %s [-d] [-p path] [-s socket] [-U user] [-u user]\n",
 __progname);
 exit(1);
 }
@@ -276,6 +277,7 @@ main(int argc, char *argv[])
 struct stat sb;
 int c, fd;
 const char *chrootpath = NULL;
+ const char *sock_user = SLOWCGI_USER;
 const char *slowcgi_user = SLOWCGI_USER;
 /*
@@ -295,7 +297,7 @@ main(int argc, char *argv[])
 }
 }
- while ((c = getopt(argc, argv, "dp:s:u:")) != -1) {
+ while ((c = getopt(argc, argv, "dp:s:U:u:")) != -1) {
 switch (c) {
 case 'd':
 debug = 1;
@@ -306,6 +308,9 @@ main(int argc, char *argv[])
 case 's':
 fcgi_socket = optarg;
 break;
+ case 'U':
+ sock_user = optarg;
+ break;
 case 'u':
 slowcgi_user = optarg;
 break;
@@ -326,13 +331,14 @@ main(int argc, char *argv[])
 logger = &syslogger;
 }
- pw = getpwnam(SLOWCGI_USER);
+ ldebug("sock_user: %s", sock_user);
+ pw = getpwnam(sock_user);
 if (pw == NULL)
- lerrx(1, "no %s user", SLOWCGI_USER);
+ lerrx(1, "no %s user", sock_user);
 fd = slowcgi_listen(fcgi_socket, pw);
- lwarnx("slowcgi_user: %s", slowcgi_user);
+ ldebug("slowcgi_user: %s", slowcgi_user);
 pw = getpwnam(slowcgi_user);
 if (pw == NULL)
 lerrx(1, "no %s user", slowcgi_user);
--
2.20.1
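Review bot: In the `@@ -276,6 +277,7 @@` hunk of slowcgi.c, `sock_user` and `slowcgi_user` are both initialised from `SLOWCGI_USER` and nothing at the declaration says that they serve different roles. Going by the man page text in this same patch, one names the account that owns the listening socket and the other the account the daemon drops privileges to, so trailing comments such as `/* -U: owner of the FastCGI socket */` and `/* -u: user to drop privileges to */` would keep the two from being mixed up in later edits. The declarations sit in `main`, whose body starts and ends outside the hunk.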
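Review bot: In the `@@ -326,13 +331,14 @@` hunk, both account names are now reported only through `ldebug`, so if that logger is silent outside `-d` (its body is not in this patch) a non-default `-U` leaves no record in normal operation, although the socket owner presumably decides which account may hand requests to the daemon. Consider one syslog-visible line when the default is overridden, for example `if (strcmp(sock_user, SLOWCGI_USER) != 0) lwarnx("socket owner: %s", sock_user);`. The `pw` returned by `getpwnam(sock_user)` may point to static storage that the later `getpwnam(slowcgi_user)` overwrites, so a comment like `/* pw is only valid until the next getpwnam() */` above `slowcgi_listen(fcgi_socket, pw)` would protect that ordering. `main` and `slowcgi_listen` extend outside the hunk, so how the passwd entry is applied to the socket cannot be checked from here.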