On Wed, Aug 1, 2018 at 6:09 AM Florian Obser <[email protected]> wrote:
>
> Nice to see it being useful on other systems, too. :)
>
> Does this work for you?
> [diff snipped]
Yes, that works great!
Although I think you want to capitalize "Change" in the man page.
I'm also playing around with a version that accepts "-U user:group" (a
la chown), which I think would be preferable to a separate group
option. That one is attached (since I can't seem to paste tabs
inline).
It's obviously preliminary and I'd also add that handing to the -u
option, if this is acceptable.
-Andrew
--- dist/slowcgi.8 2018-07-27 16:54:03.166650504 -0500
+++ slowcgi.8 2018-08-02 13:41:02.504823824 -0500
@@ -25,6 +25,7 @@
.Op Fl d
.Op Fl p Ar path
.Op Fl s Ar socket
+.Op Fl U Ar user
.Op Fl u Ar user
.Sh DESCRIPTION
.Nm
@@ -75,6 +76,14 @@
.It Fl s Ar socket
Create and bind to alternative local socket at
.Ar socket .
+.It Fl U Ar user[:group]
+Change the owner of
+.Pa /var/www/run/slowcgi.sock
+to
+.Ar user
+and its primary group instead of the default www:www. If specified as
+.Qq user:group ,
+use that group instead.
.It Fl u Ar user
Drop privileges to
.Ar user
--- dist/slowcgi.c 2018-07-27 16:54:03.166650504 -0500
+++ slowcgi.c 2018-08-02 15:14:42.440268902 -0500
@@ -29,6 +29,7 @@
#include <fcntl.h>
#include <errno.h>
#include <event.h>
+#include <grp.h>
#include <limits.h>
#include <pwd.h>
#include <signal.h>
@@ -256,7 +257,8 @@
usage(void)
{
extern char *__progname;
- fprintf(stderr, "usage: %s [-d] [-p path] [-s socket] [-u user]\n",
+ fprintf(stderr,
+ "usage: %s [-d] [-p path] [-s socket] [-U user] [-u user]\n",
__progname);
exit(1);
}
@@ -273,9 +275,12 @@
extern char *__progname;
struct listener *l = NULL;
struct passwd *pw;
+ struct group *gr;
struct stat sb;
int c, fd;
const char *chrootpath = NULL;
+ const char *sock_user = SLOWCGI_USER;
+ const char *sock_group = NULL;
const char *slowcgi_user = SLOWCGI_USER;
/*
@@ -295,7 +300,7 @@
}
}
- while ((c = getopt(argc, argv, "dp:s:u:")) != -1) {
+ while ((c = getopt(argc, argv, "dp:s:U:u:")) != -1) {
switch (c) {
case 'd':
debug = 1;
@@ -306,6 +311,14 @@
case 's':
fcgi_socket = optarg;
break;
+ case 'U':
+ if (strchr(optarg, ':')) {
+ /* accept "user:group" syntax */
+ sock_user = strsep(&optarg, ":");
+ sock_group = optarg;
+ } else
+ sock_user = optarg;
+ break;
case 'u':
slowcgi_user = optarg;
break;
@@ -326,9 +339,16 @@
logger = &syslogger;
}
- pw = getpwnam(SLOWCGI_USER);
+ pw = getpwnam(sock_user);
if (pw == NULL)
- lerrx(1, "no %s user", SLOWCGI_USER);
+ lerrx(1, "no %s user", sock_user);
+ if (sock_group) {
+ gr = getgrnam(sock_group);
+ if (gr == NULL)
+ lerrx(1, "no %s group", sock_group);
+ else
+ pw->pw_gid = gr->gr_gid;
+ }
fd = slowcgi_listen(fcgi_socket, pw);
