Appologies for the delay, I have been busy with other things. It's commited now. Thanks, Florian
On Fri, Aug 10, 2018 at 03:49:09PM -0500, Andrew Daugherity wrote: > I think the -U/-u options are a good solution; hopefully that will be merged? > > I noticed a small inconsistency in the logging: slowcgi_user is logged > at warn (which I think is too loud), whereas the chroot and socket > paths are at debug, and the new sock_user setting isn't logged at all. > I've attached an updated diff that uses debug for all of these. > > > Thanks, > Andrew > > On Wed, Aug 1, 2018 at 6:09 AM Florian Obser <[email protected]> wrote: > > > > Nice to see it being useful on other systems, too. :) > > > > Does this work for you? > > > > [diff adding -U option] > Add -U option for socket user. > https://marc.info/?l=openbsd-bugs&m=153312182009277&w=2 > > diff --git slowcgi.8 slowcgi.8 > index 117228403b4..10bd40d2e60 100644 > --- slowcgi.8 > +++ slowcgi.8 > @@ -25,6 +25,7 @@ > .Op Fl d > .Op Fl p Ar path > .Op Fl s Ar socket > +.Op Fl U Ar user > .Op Fl u Ar user > .Sh DESCRIPTION > .Nm > @@ -75,6 +76,12 @@ effectively disables the chroot. > .It Fl s Ar socket > Create and bind to alternative local socket at > .Ar socket . > +.It Fl U Ar user > +change the owner of > +.Pa /var/www/run/slowcgi.sock > +to > +.Ar user > +and its primary group instead of the default www:www. > .It Fl u Ar user > Drop privileges to > .Ar user > diff --git slowcgi.c slowcgi.c > index a9a90b2db1f..9d1e6d47a82 100644 > --- slowcgi.c > +++ slowcgi.c > @@ -256,7 +256,8 @@ __dead void > usage(void) > { > extern char *__progname; > - fprintf(stderr, "usage: %s [-d] [-p path] [-s socket] [-u user]\n", > + fprintf(stderr, > + "usage: %s [-d] [-p path] [-s socket] [-U user] [-u user]\n", > __progname); > exit(1); > } > @@ -276,6 +277,7 @@ main(int argc, char *argv[]) > struct stat sb; > int c, fd; > const char *chrootpath = NULL; > + const char *sock_user = SLOWCGI_USER; > const char *slowcgi_user = SLOWCGI_USER; > > /* > @@ -295,7 +297,7 @@ main(int argc, char *argv[]) > } > } > > - while ((c = getopt(argc, argv, "dp:s:u:")) != -1) { > + while ((c = getopt(argc, argv, "dp:s:U:u:")) != -1) { > switch (c) { > case 'd': > debug = 1; > @@ -306,6 +308,9 @@ main(int argc, char *argv[]) > case 's': > fcgi_socket = optarg; > break; > + case 'U': > + sock_user = optarg; > + break; > case 'u': > slowcgi_user = optarg; > break; > @@ -326,13 +331,14 @@ main(int argc, char *argv[]) > logger = &syslogger; > } > > - pw = getpwnam(SLOWCGI_USER); > + ldebug("sock_user: %s", sock_user); > + pw = getpwnam(sock_user); > if (pw == NULL) > - lerrx(1, "no %s user", SLOWCGI_USER); > + lerrx(1, "no %s user", sock_user); > > fd = slowcgi_listen(fcgi_socket, pw); > > - lwarnx("slowcgi_user: %s", slowcgi_user); > + ldebug("slowcgi_user: %s", slowcgi_user); > pw = getpwnam(slowcgi_user); > if (pw == NULL) > lerrx(1, "no %s user", slowcgi_user); -- I'm not entirely sure you are real.
