nginx default unix domain socket permissions and umask

Maxim Dounin mdounin at mdounin.ru
Thu Sep 22 20:35:16 UTC 2016


Hello!

On Thu, Sep 22, 2016 at 01:12:21PM +0000, Manole, Sorin wrote:

> Hello,
> 
> It seems that when nginx creates unix domain sockets as a result 
> of the listen directive it assigns rw permissions for all users.
> This is probably because the bind() call which creates the file 
> follows the process umask. Nginx sets the umask to 0 which is 
> the most relaxed setting.
> 
> Is there a way to control the permissions assigned at creation 
> to unix domain sockets created by nginx?

I don't think so.

If you want to limit access to unix sockets created by nginx, the most 
trivial solution would be to create them in a directory with 
appropriate permissions.

> Is there a deep reason to always set the umask to 0? Would it be 
> better to let the user decide the umask and inherit it from the 
> process starting nginx?

The umask is set to 0 for nginx to be able to control permissions 
when explicitly configured (for example when saving files using 
proxy_store, http://nginx.org/r/proxy_store_access).

-- 
Maxim Dounin
http://nginx.org/
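
The directory-based restriction suggested in the reply, as an added example that is not part of the original message and not nginx's own code: it binds a socket under umask 0 and then checks, from mode bits alone, whether a user outside the owner and group could reach it. The helper names, the `private` directory name and the 0750 mode are assumptions chosen for illustration.

```python
import os
import socket
import stat
import tempfile


def bind_in_private_dir(base, dir_mode=0o750, name="app.sock"):
    """Bind a unix socket under umask 0 inside a directory that gates access."""
    private = os.path.join(base, "private")      # hypothetical directory name
    os.mkdir(private)
    os.chmod(private, dir_mode)                  # explicit chmod: independent of umask
    path = os.path.join(private, name)
    old = os.umask(0)                            # the umask the thread attributes to nginx
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)                           # bind() creates the socket file
        srv.listen(1)
    finally:
        os.umask(old)
    return srv, path


def other_can_connect(path):
    """Mode-bit check for a user who is neither owner nor in the group.

    connect() needs write permission on the socket file and search (x)
    permission on the directory holding it; only that parent is checked here.
    """
    sock_mode = stat.S_IMODE(os.stat(path).st_mode)
    dir_mode = stat.S_IMODE(os.stat(os.path.dirname(path)).st_mode)
    return bool(sock_mode & stat.S_IWOTH) and bool(dir_mode & stat.S_IXOTH)


if __name__ == "__main__":
    for mode in (0o755, 0o750):                  # open directory vs. restricted one
        with tempfile.TemporaryDirectory() as base:
            srv, path = bind_in_private_dir(base, mode)
            sock_mode = stat.S_IMODE(os.stat(path).st_mode)
            print(f"dir {mode:04o}  socket {sock_mode:04o}  "
                  f"other can connect: {other_can_connect(path)}")
            srv.close()
```

The socket file keeps its world-writable mode in both runs; only the parent directory's missing search bit for others closes the path to it.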


