Thanks for your advice.

But

1) It's a requirement from my devops colleague and I need to achieve it somehow. Just saying "some people think that your approach is wrong and insecure" is not a valid solution in my case.

2) Other apps (like php-fpm) allow setting up socket rights, as well as the socket user and group, via the config file. Hypnotoad (and other mojo daemons) have no such options, at least I'm not aware of them. Instead, hypnotoad relies on the user umask.

I think (though I'm most likely mistaken) this option should be available to mojo daemons. If a process runs as root, then it should be able to create the socket, change permissions according to configuration (or a safe default) and then fork children with another user's permissions and from that moment rely on the user umask.

Are there any thoughts from the Mojolicious core team about it?

On 01/05/2019 05:43, Charlie Brady wrote:
IMO you *never* want to use 777. Use user or group id of the socket file
to control whether nginx can write to it.

On Wed, 24 Apr 2019, Илья Рассадин wrote:

Hi!

I want to run my mojo app with hypnotoad listening on a unix socket. The conf file
looks like this:

{
    ...
    hypnotoad => {
        listen  => ['http+unix://%2Ftmp%2Fmy_app.sock'],
        workers => 2,
        proxy   => 1,
    },
}

And then the file /tmp/my_app.sock has 755 rights (according to the user umask).

But I need to change it to 777 to allow nginx to write queries to the socket.

Is there a proper recommended way to achieve that goal?

--

Best Regards, Ilya 'elcamlost' Rassadin.
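
The umask behaviour and the group-based alternative to 777 discussed in this thread, as an added example that is not part of the original messages and is not Mojolicious code: a Python stand-in server binds a Unix socket under three umasks and audits the resulting mode. It assumes Linux semantics (socket node created as 0777 & ~umask, write permission needed to connect); the function names and socket paths are constructed for illustration.

```python
import os
import socket
import stat
import tempfile

def bind_with_umask(path, umask):
    """Bind a listening Unix socket while `umask` is in effect."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old = os.umask(umask)   # process-wide, so do this before starting threads
    try:
        srv.bind(path)      # the socket node is created as 0777 & ~umask
    finally:
        os.umask(old)       # restore so later files keep the normal umask
    srv.listen(1)
    return srv

def audit(path):
    """Return (mode, findings) for a socket a reverse proxy must connect to."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if not stat.S_ISSOCK(st.st_mode):
        findings.append("not a socket")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")        # any local user can connect
    if not mode & stat.S_IWGRP:
        findings.append("group cannot connect")  # proxy in the group is locked out
    return mode, findings

def demo():
    """Bind under three umasks and audit each result (constructed paths)."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        cases = (("default", 0o022), ("group", 0o007), ("open", 0o000))
        for label, umask in cases:
            path = os.path.join(d, label + ".sock")
            srv = bind_with_umask(path, umask)
            results[label] = audit(path)
            srv.close()
    return results

if __name__ == "__main__":
    for label, (mode, findings) in demo().items():
        print(f"{label:8} {mode:04o} {', '.join(findings) or 'ok'}")
```

The `group` case only helps if the socket's group is one the nginx worker user belongs to, which is a deployment assumption here (for example a dedicated socket directory whose group is shared by both services).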

