[Supervisor-users] [Fwd: Re: FastCGI - socket not being created with correct user]
Roger Hoover
roger.hoover at gmail.com
Fri Oct 23 12:30:45 EDT 2009
Hmmm...the more I think about it., socket_owner and socket_mode are indeed
better names. Chris/Mike, do you want to weigh in on consistency vs.
clarity?
On Fri, Oct 23, 2009 at 9:08 AM, Roger Hoover <roger.hoover at gmail.com>wrote:
>
>
> On Fri, Oct 23, 2009 at 8:57 AM, Grzegorz Nosek <root at localdomain.pl>wrote:
>
>> On Fri, Oct 23, 2009 at 08:33:28AM -0700, Roger Hoover wrote:
>> > I'm most of the way there on #2. The issue is that as far as I can tell
>> > there's no way to find out the umask for a user so I don't automatically
>> > know what permissions to chmod the FCGI socket with. Now, the choices
>> are
>> >
>> > a) Don't chmod the FCGI socket, just chown it to the uid/gid of the user
>> the
>> > process will run as
>> >
>> > b) Add socket_chown, socket_chmod args that only apply to unix domain
>> > sockets. This allows the most control for the user but the fact that
>> the
>> > params don't always make sense is a bit awkward.
>> >
>> > [fcgi-program:test]
>> > command=/foo/bar.fcgi
>> > socket=unix:///tmp/test.socket
>> > socket_chown=rhoover:wheel ; this option would only apply to unix domain
>> > sockets
>> > socket_chmod=0777 ; this option would only apply to unix domain sockets
>> > user=nobody
>> > process_name=foo_%(process_num)s
>> > numprocs=2
>> >
>> > Anyone have an opinion here?
>>
>> I'm for explicit owner and mode options. Apache-style FastCGI wrappers
>> are a pain.
>>
>
> Thanks. I was leaning this direction.
>
>
>>
>> Also, my vote would go to naming these options "socket_owner" and
>> "socket_mode" (or "socket_perm(s)"?) as I've heard enough of "setting
>> chmods" in my day ;)
>>
>
> That makes sense but I'm going for consistency with the existing
> unix_http_server section of the config.
> http://supervisord.org/manual/current/configuration.html#unix_http_server
>
>
>>
>> Best regards,
>> Grzegorz Nosek
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.supervisord.org/pipermail/supervisor-users/attachments/20091023/1f461afe/attachment.htm
More information about the Supervisor-users
mailing list