owner of the control socket

Alen Topcic pmuals7 at gmail.com
Fri Aug 23 00:13:51 UTC 2019


hello just send a picture

22. avg. 2019 22:06 je oseba "Valentin V. Bartenev" <vbart at nginx.com>
napisala:

> On Wednesday, 21 August 2019 21:47:21 MSK John Gruber wrote:
> > I'm attempting to proxy_pass secured access to the unit control socket
> from
> > an nginx instance running as my distro default nginx user. The unit
> control
> > socket is owned and restricted to 'root' access. Therefore I get a 502
> > error from my requests to the nginx listener. If I chmod the control
> socket
> > to nginx:nginx (the same user I run unitd and nginx), my proxy_pass
> secured
> > access works.
> >
> > Can anyone tell me how to get unitd to create the control socket as its
> > configured user and group?
> >
> > For example:
> >
> > unitd --user nginx --group nginx
> >
> > would then create my control socket owned by nginx:nginx?
> [..]
>
> These options specify user and group for unprivileged processes
> and don't affect control socket, which is for security purposes
> managed by root.
>
>
> >
> > I would really rather not wrap a shell script around my instance so that
> I
> > run chown every time unitd runs.
> >
>
> That's a known problem.  Adding options for changing control socket
> permissions is in our TODO list.
>
>    wbr, Valentin V. Bartenev
>
>
>
> _______________________________________________
> unit mailing list
> unit at nginx.org
> https://mailman.nginx.org/mailman/listinfo/unit
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/unit/attachments/20190823/f290f003/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20190823_020625.jpg
Type: image/jpeg
Size: 667516 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/unit/attachments/20190823/f290f003/attachment.jpg>


More information about the unit mailing list