owner of the control socket

Valentin V. Bartenev vbart at nginx.com
Thu Aug 22 20:08:02 UTC 2019

On Wednesday, 21 August 2019 21:47:21 MSK John Gruber wrote:
> I'm attempting to proxy_pass secured access to the unit control socket from
> an nginx instance running as my distro default nginx user. The unit control
> socket is owned and restricted to 'root' access. Therefore I get a 502
> error from my requests to the nginx listener. If I chmod the control socket
> to nginx:nginx (the same user I run unitd and nginx), my proxy_pass secured
> access works.
> Can anyone tell me how to get unitd to create the control socket as its
> configured user and group?
> For example:
> unitd --user nginx --group nginx
> would then create my control socket owned by nginx:nginx?

These options specify user and group for unprivileged processes
and don't affect control socket, which is for security purposes
managed by root.

> I would really rather not wrap a shell script around my instance so that I
> run chown every time unitd runs.

That's a known problem.  Adding options for changing control socket
permissions is in our TODO list.

   wbr, Valentin V. Bartenev

More information about the unit mailing list