[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#33966] fcgiwrap: additional options for logging and unix domain soc

From: Florian Dold
Subject: [bug#33966] fcgiwrap: additional options for logging and unix domain sockets
Date: Thu, 3 Jan 2019 21:02:38 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.3

Hi Guix,

this patch adds additional options to the fcgiwrap service.  In
particular it allows

1. writing the output of the fcgi process to a file (with the 'log-file'

2. arranging for a directory to be created so that the fcgiwrap process
can create its listening socket without running into permission problems
(with the 'ensure-socket-dir?' option)

3. adjusting the permissions on the listening unix domain socket,
typically so that users in the fcgiwrap group have read and write access
to that socket (with the 'adjusted-socket-permissions' option)

Additionally, a potentially left-over fcgiwrap socket is cleaned up
before starting the service, which would otherwise lead to the process
refusing to run.

The documentation is also changed to address a potential security issue,
now recommending against running fcgiwrap as root.

The configuration defaults are not ideal (a tcp socket with unrestricted
access from any local user), but impossible to change without breaking
existing system definitions.

- Florian

Attachment: 0001-services-fcgiwrap-Implement-additional-options.patch
Description: Text Data

reply via email to

[Prev in Thread] Current Thread [Next in Thread]