>Synopsis:      slowcgi -u user option does not change socket ownership
>Category:      user
>Environment:
        System      : OpenBSD 6.3
        Details     : OpenBSD 6.3 (GENERIC.MP) #4: Sun Jun 17 11:22:20 CEST 2018
                         [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP

        Architecture: OpenBSD.amd64
        Machine     : amd64
>Description:
When using the '-u user' option to run slowcgi under a different username, the
socket is still owned by the default www user.  This prevents the specified
user from interacting with the slowcgi socket (and maybe even slowcgi itself
after it drops privileges?).

>How-To-Repeat:
$ doas slowcgi -u andrew -s /home/andrew/slowcgi.sock
$ ls -l /home/andrew/slowcgi.sock
srw-rw----  1 www  www  0 Jul 26 16:07 /home/andrew/slowcgi.sock

>Fix:
Moving the slowcgi_listen() call to after the pw struct is set to slowcgi_user
fixes it:
====
--- usr.sbin/slowcgi/slowcgi.c  2018-07-25 20:46:56.358667880 -0500
+++ usr.sbin/slowcgi/slowcgi.c  2018-07-26 15:14:52.840052633 -0500
@@ -330,13 +330,13 @@
        if (pw == NULL)
                lerrx(1, "no %s user", SLOWCGI_USER);

-       fd = slowcgi_listen(fcgi_socket, pw);
-
        lwarnx("slowcgi_user: %s", slowcgi_user);
        pw = getpwnam(slowcgi_user);
        if (pw == NULL)
                lerrx(1, "no %s user", slowcgi_user);

+       fd = slowcgi_listen(fcgi_socket, pw);
+
        if (chrootpath == NULL)
                chrootpath = pw->pw_dir;
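Review bot: moving slowcgi_listen(fcgi_socket, pw) below the second getpwnam() makes the -u user the owner of the socket, and with the srw-rw---- mode shown in the report a web server that still runs as www would no longer be able to connect to it. Who may connect to the socket is a separate decision from which user the CGI processes run as, so consider keeping the SLOWCGI_USER lookup as the default argument to slowcgi_listen() and adding a distinct option for the socket owner. As posted, the result of the first lookup (the pw checked by `lerrx(1, "no %s user", SLOWCGI_USER)`) is overwritten by `pw = getpwnam(slowcgi_user)` before anything in the visible lines uses it, so either drop that lookup and its check or keep its result in its own variable for the socket.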
====
$ ls -l /home/andrew/slowcgi.sock
srw-rw----  1 andrew  andrew  0 Jul 26 16:34 /home/andrew/slowcgi.sock
