diff options
author | florian <florian@openbsd.org> | 2018-08-13 16:54:50 +0000 |
---|---|---|
committer | florian <florian@openbsd.org> | 2018-08-13 16:54:50 +0000 |
commit | 8f6f64076bfc41acf34cd9f295a9b9fe606d8e73 (patch) | |
tree | 91a7dc400d2ad14e6fb1af6051012c4940dc0725 /usr.sbin/slowcgi | |
parent | basic macro cleanup, break lines of excessive length, fix order of sections (diff) | |
download | wireguard-openbsd-8f6f64076bfc41acf34cd9f295a9b9fe606d8e73.tar.xz wireguard-openbsd-8f6f64076bfc41acf34cd9f295a9b9fe606d8e73.zip |
Make the owner of fcgi socket configurable.
Andrew Daugherity (andrew.daugherity AT gmail) pointed out that this
is helpful for his port to linux. For example on openSUSE nginx and
Apache run as different users so a compile time default user won't cut
it.
Man page tweaks jmc@
While here, consistently log users at debug level; from Andrew.
Diffstat (limited to 'usr.sbin/slowcgi')
-rw-r--r-- | usr.sbin/slowcgi/slowcgi.8 | 11 | ||||
-rw-r--r-- | usr.sbin/slowcgi/slowcgi.c | 18 |
2 files changed, 21 insertions, 8 deletions
diff --git a/usr.sbin/slowcgi/slowcgi.8 b/usr.sbin/slowcgi/slowcgi.8 index 8e9340e7acb..3d162c93c2c 100644 --- a/usr.sbin/slowcgi/slowcgi.8 +++ b/usr.sbin/slowcgi/slowcgi.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: slowcgi.8,v 1.13 2018/08/01 11:47:29 florian Exp $ +.\" $OpenBSD: slowcgi.8,v 1.14 2018/08/13 16:54:50 florian Exp $ .\" .\" Copyright (c) 2013 Florian Obser <florian@openbsd.org> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 1 2018 $ +.Dd $Mdocdate: August 13 2018 $ .Dt SLOWCGI 8 .Os .Sh NAME @@ -25,6 +25,7 @@ .Op Fl d .Op Fl p Ar path .Op Fl s Ar socket +.Op Fl U Ar user .Op Fl u Ar user .Sh DESCRIPTION .Nm @@ -75,6 +76,12 @@ effectively disables the chroot. .It Fl s Ar socket Create and bind to alternative local socket at .Ar socket . +.It Fl U Ar user +Change the owner of +.Pa /var/www/run/slowcgi.sock +to +.Ar user +and its primary group instead of the default www:www. .It Fl u Ar user Drop privileges to .Ar user diff --git a/usr.sbin/slowcgi/slowcgi.c b/usr.sbin/slowcgi/slowcgi.c index a9a90b2db1f..8d8c970d861 100644 --- a/usr.sbin/slowcgi/slowcgi.c +++ b/usr.sbin/slowcgi/slowcgi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: slowcgi.c,v 1.52 2017/07/04 12:48:36 florian Exp $ */ +/* $OpenBSD: slowcgi.c,v 1.53 2018/08/13 16:54:50 florian Exp $ */ /* * Copyright (c) 2013 David Gwynne <dlg@openbsd.org> * Copyright (c) 2013 Florian Obser <florian@openbsd.org> @@ -256,7 +256,8 @@ __dead void usage(void) { extern char *__progname; - fprintf(stderr, "usage: %s [-d] [-p path] [-s socket] [-u user]\n", + fprintf(stderr, + "usage: %s [-d] [-p path] [-s socket] [-U user] [-u user]\n", __progname); exit(1); } @@ -276,6 +277,7 @@ main(int argc, char *argv[]) struct stat sb; int c, fd; const char *chrootpath = NULL; + const char *sock_user = SLOWCGI_USER; const char *slowcgi_user = SLOWCGI_USER; /* @@ -295,7 +297,7 @@ main(int argc, char *argv[]) } } - while ((c = getopt(argc, argv, "dp:s:u:")) != -1) { + while ((c = getopt(argc, argv, "dp:s:U:u:")) != -1) { switch (c) { case 'd': debug = 1; @@ -306,6 +308,9 @@ main(int argc, char *argv[]) case 's': fcgi_socket = optarg; break; + case 'U': + sock_user = optarg; + break; case 'u': slowcgi_user = optarg; break; @@ -326,13 +331,14 @@ main(int argc, char *argv[]) logger = &syslogger; } - pw = getpwnam(SLOWCGI_USER); + ldebug("sock_user: %s", sock_user); + pw = getpwnam(sock_user); if (pw == NULL) - lerrx(1, "no %s user", SLOWCGI_USER); + lerrx(1, "no %s user", sock_user); fd = slowcgi_listen(fcgi_socket, pw); - lwarnx("slowcgi_user: %s", slowcgi_user); + ldebug("slowcgi_user: %s", slowcgi_user); pw = getpwnam(slowcgi_user); if (pw == NULL) lerrx(1, "no %s user", slowcgi_user); |