[Supervisor-users] [Fwd: Re: FastCGI - socket not being created with correct user]
Chris McDonough
chrism at plope.com
Tue Oct 20 13:57:37 EDT 2009
Roger Hoover wrote:
> 1) Keep the current behavior (not what people expect) - this means for
> unix domain sockets, users must set their umasks and directory
> permissions appropriately so that root can create sockets that non-root
> processes can access.
> 2) Have the root supervisord process do chmod/chown on the fcgi sockets
> in the same way it does for the chmod/chown options in the
> unix_http_server section of the config
> (http://supervisord.org/manual/current/configuration.html#unix_http_server).
> The only question about this approach is whether it's possible to
> chown/chmod the socket so that the root supervisord process can no
> longer clean up the socket when it needs to.
> 3) Do something like Apache mod_fastcgi does with a FastCgiWrapper
> (http://www.fastcgi.com/mod_fastcgi/docs/mod_fastcgi.html#FastCgiWrapper)
> which I think means that each FCGI process group would need to fork a
> "wrapper" process that runs as the non-root user and manages the FCGI
> socket. This seems like a lot of work and potentially messy integration
> with the main supervisord event loop for dealing with SIGCHILD, etc.
>
> #2 seems the most promising. Anyone see any issues with it? I already
> tried setting chmod=0000 and chown=<non_root_user> in the
> unix_http_server section of supervisord.conf and the domain socket file
> was successfully deleted after supervisord exited.
That sounds about right to me...
More information about the Supervisor-users
mailing list