GNU bug report logs - #33966
fcgiwrap: additional options for logging and unix domain sockets


Package: guix-patches;

Reported by: Florian Dold <florian.dold <at> gmail.com>

Date: Thu, 3 Jan 2019 20:03:03 UTC

Severity: normal

Tags: security



Message #16 received at 33966 <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Florian Dold <florian.dold <at> gmail.com>
Cc: 33966 <at> debbugs.gnu.org
Subject: Re: bug#33966: fcgiwrap: additional options for logging and unix domain sockets
Date: Mon, 11 Nov 2024 21:41:11 +0900

Hi Florian,

Florian Dold <florian.dold <at> gmail.com> writes:

> Hi Guix,
>
> this patch adds additional options to the fcgiwrap service.  In
> particular it allows
>
> 1. writing the output of the fcgi process to a file (with the 'log-file'
> option)
>
> 2. arranging for a directory to be created so that the fcgiwrap process
> can create its listening socket without running into permission problems
> (with the 'ensure-socket-dir?' option)
>
> 3. adjusting the permissions on the listening unix domain socket,
> typically so that users in the fcgiwrap group have read and write access
> to that socket (with the 'adjusted-socket-permissions' option)
>
> Additionally, a potentially left-over fcgiwrap socket is cleaned up
> before starting the service, which would otherwise lead to the process
> refusing to run.
>
> The documentation is also changed to address a potential security issue,
> now recommending against running fcgiwrap as root.
>
> The configuration defaults are not ideal (a tcp socket with unrestricted
> access from any local user), but impossible to change without breaking
> existing system definitions.

Unfortunately this great patch no longer applies cleanly (there are
conflicts in the doc).  Would you be so kind as to resend an updated
version?

-- 
Thanks,
Maxim
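
The socket handling that the quoted patch description lists (creating the socket directory, removing a left-over socket, adjusting the socket permissions), shown as an added Python example. It is not code from the patch or from Guix; the function names, the 0750 and 0660 modes and the /tmp demo path are assumptions.

```python
import errno
import os
import socket
import stat
import tempfile


def prepare_socket(path, dir_mode=0o750, sock_mode=0o660):
    """Return a listening unix socket at `path` (the modes are assumed values)."""
    sock_dir = os.path.dirname(path)
    os.makedirs(sock_dir, exist_ok=True)   # make sure the socket directory exists
    os.chmod(sock_dir, dir_mode)           # makedirs() mode is filtered by the umask
    if os.path.lexists(path):              # lexists/lstat: never follow a symlink
        if not stat.S_ISSOCK(os.lstat(path).st_mode):
            raise RuntimeError(f"{path} exists and is not a socket; not removing it")
        os.unlink(path)                    # left-over socket from a previous run
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)            # socket file is created 0600, never wider
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    os.chmod(path, sock_mode)              # group read/write, no access for "other"
    srv.listen(8)
    return srv


def demo():
    """Show that a stale socket blocks a plain bind() but not prepare_socket()."""
    base = tempfile.mkdtemp(dir="/tmp")    # constructed path, short enough for sun_path
    path = os.path.join(base, "fcgiwrap", "socket")
    prepare_socket(path).close()           # close() leaves the socket file behind
    plain = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        plain.bind(path)                   # no cleanup step: the kernel refuses
        refused = False
    except OSError as exc:
        refused = exc.errno == errno.EADDRINUSE
    finally:
        plain.close()
    srv = prepare_socket(path)             # with cleanup the restart succeeds
    modes = tuple(stat.S_IMODE(os.stat(p).st_mode) for p in (os.path.dirname(path), path))
    srv.close()
    return refused, modes


if __name__ == "__main__":
    refused, modes = demo()
    print(refused, [oct(m) for m in modes])
```

Group ownership of the directory and socket (for example a dedicated fcgiwrap group) needs a privileged chown and is left out here.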




This bug report was last modified 214 days ago.
