owner of the control socket
Valentin V. Bartenev
vbart at nginx.com
Thu Aug 22 20:08:02 UTC 2019
On Wednesday, 21 August 2019 21:47:21 MSK John Gruber wrote:
> I'm attempting to proxy_pass secured access to the unit control socket from
> an nginx instance running as my distro default nginx user. The unit control
> socket is owned and restricted to 'root' access. Therefore I get a 502
> error from my requests to the nginx listener. If I chmod the control socket
> to nginx:nginx (the same user I run unitd and nginx), my proxy_pass secured
> access works.
>
> Can anyone tell me how to get unitd to create the control socket as its
> configured user and group?
>
> For example:
>
> unitd --user nginx --group nginx
>
> would then create my control socket owned by nginx:nginx?
[..]
These options specify user and group for unprivileged processes
and don't affect control socket, which is for security purposes
managed by root.
>
> I would really rather not wrap a shell script around my instance so that I
> run chown every time unitd runs.
>
That's a known problem. Adding options for changing control socket
permissions is in our TODO list.
wbr, Valentin V. Bartenev
More information about the unit
mailing list