On Thu, Aug 02, 2018 at 04:22:35PM -0500, Andrew Daugherity wrote:
> On Wed, Aug 1, 2018 at 6:09 AM Florian Obser <[email protected]> wrote:
> >
> > Nice to see it being useful on other systems, too. :)
> >
> > Does this work for you?
> > [diff snipped]
> 
> Yes, that works great!
> Although I think you want to capitalize "Change" in the man page.

yes, jmc also pointed that out, fixed in my tree.

> 
> I'm also playing around with a version that accepts "-U user:group" (a
> la chown), which I think would be preferable to a separate group

Eww, do you really have a use case for this? It seems like you would
only need this if you want to access the fcgi socket from two daemons
running as different users at the same time.

I'd prefer to keep the code simple and not have it.

> option.  That one is attached (since I can't seem to paste tabs
> inline).
> 
> It's obviously preliminary and I'd also add that handling to the -u
> option, if this is acceptable.
> 
> -Andrew

> --- dist/slowcgi.8    2018-07-27 16:54:03.166650504 -0500
> +++ slowcgi.8 2018-08-02 13:41:02.504823824 -0500
> @@ -25,6 +25,7 @@
>  .Op Fl d
>  .Op Fl p Ar path
>  .Op Fl s Ar socket
> +.Op Fl U Ar user
>  .Op Fl u Ar user
>  .Sh DESCRIPTION
>  .Nm
> @@ -75,6 +76,14 @@
>  .It Fl s Ar socket
>  Create and bind to alternative local socket at
>  .Ar socket .
> +.It Fl U Ar user[:group]
> +Change the owner of
> +.Pa /var/www/run/slowcgi.sock
> +to
> +.Ar user
> +and its primary group instead of the default www:www.  If specified as
> +.Qq user:group ,
> +use that group instead.
>  .It Fl u Ar user
>  Drop privileges to
>  .Ar user
> --- dist/slowcgi.c    2018-07-27 16:54:03.166650504 -0500
> +++ slowcgi.c 2018-08-02 15:14:42.440268902 -0500
> @@ -29,6 +29,7 @@
>  #include <fcntl.h>
>  #include <errno.h>
>  #include <event.h>
> +#include <grp.h>
>  #include <limits.h>
>  #include <pwd.h>
>  #include <signal.h>
> @@ -256,7 +257,8 @@
>  usage(void)
>  {
>       extern char *__progname;
> -     fprintf(stderr, "usage: %s [-d] [-p path] [-s socket] [-u user]\n",
> +     fprintf(stderr,
> +         "usage: %s [-d] [-p path] [-s socket] [-U user] [-u user]\n",
>           __progname);
>       exit(1);
>  }
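Review bot: The usage string still advertises `[-U user]` although the option parser added later in this patch also accepts `user:group`. Writing it as `"usage: %s [-d] [-p path] [-s socket] [-U user[:group]] [-u user]\n"` would match the `.It Fl U Ar user[:group]` entry in slowcgi.8. The SYNOPSIS line `.Op Fl U Ar user` in the man page hunk has the same mismatch.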
> @@ -273,9 +275,12 @@
>       extern char *__progname;
>       struct listener *l = NULL;
>       struct passwd   *pw;
> +     struct group    *gr;
>       struct stat      sb;
>       int              c, fd;
>       const char      *chrootpath = NULL;
> +     const char      *sock_user = SLOWCGI_USER;
> +     const char      *sock_group = NULL;
>       const char      *slowcgi_user = SLOWCGI_USER;
>  
>       /*
> @@ -295,7 +300,7 @@
>               }
>       }
>  
> -     while ((c = getopt(argc, argv, "dp:s:u:")) != -1) {
> +     while ((c = getopt(argc, argv, "dp:s:U:u:")) != -1) {
>               switch (c) {
>               case 'd':
>                       debug = 1;
> @@ -306,6 +311,14 @@
>               case 's':
>                       fcgi_socket = optarg;
>                       break;
> +             case 'U':
> +                     if (strchr(optarg, ':')) {
> +                             /* accept "user:group" syntax */
> +                             sock_user = strsep(&optarg, ":");
> +                             sock_group = optarg;
> +                     } else
> +                             sock_user = optarg;
> +                     break;
>               case 'u':
>                       slowcgi_user = optarg;
>                       break;
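Review bot: The `case 'U'` branch accepts empty components: `-U :group` leaves `sock_user` as an empty string and `-U user:` leaves `sock_group` as an empty string. Both are then handed to the name lookups in the later hunk, which presumably fail closed but only with a confusing "no  user" or "no  group" message. Because this option decides who owns the listening socket, an explicit check such as `if (*sock_user == '\0' || (sock_group != NULL && *sock_group == '\0')) usage();` after the split would be clearer. The `strchr()` test is also redundant, since `strsep()` returns the whole string and sets its argument to NULL when no `:` is present, so `sock_user = strsep(&optarg, ":"); sock_group = optarg;` covers both branches. The enclosing switch in main() continues outside the hunk.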
> @@ -326,9 +339,16 @@
>               logger = &syslogger;
>       }
>  
> -     pw = getpwnam(SLOWCGI_USER);
> +     pw = getpwnam(sock_user);
>       if (pw == NULL)
> -             lerrx(1, "no %s user", SLOWCGI_USER);
> +             lerrx(1, "no %s user", sock_user);
> +     if (sock_group) {
> +             gr = getgrnam(sock_group);
> +             if (gr == NULL)
> +                     lerrx(1, "no %s group", sock_group);
> +             else
> +                     pw->pw_gid = gr->gr_gid;
> +     }
>  
>       fd = slowcgi_listen(fcgi_socket, pw);
>  
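Review bot: `pw->pw_gid = gr->gr_gid;` writes into the passwd record returned by getpwnam(), which is libc-owned storage that may be overwritten by the next passwd lookup. The override reaches the socket only because slowcgi_listen() is called immediately afterwards. Keeping the ids in locals, for example `gid_t sock_gid = sock_group ? gr->gr_gid : pw->pw_gid;`, would make the ownership applied to the socket explicit, though it means changing slowcgi_listen(), whose definition is outside this hunk. The `else` after `lerrx(1, "no %s group", sock_group)` looks redundant, since the `pw == NULL` check just above already relies on lerrx() not returning. main() starts and ends outside the hunk.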


-- 
I'm not entirely sure you are real.
