Re: Permissions on UNIX domain sockets

To: debian-user@lists.debian.org
Subject: Re: Permissions on UNIX domain sockets
From: Chris Davies <chris-usenet@roaima.co.uk>
Date: Thu, 10 May 2012 21:45:33 +0100
Message-id: <[🔎] d0mt79x1fc.ln2@news.roaima.co.uk>
Reply-to: chris@roaima.co.uk
References: <[🔎] CALqce=3-ttWVvSWPhOyqvK1O2dX-_HuOmc==15OXDc+aOefXBA@mail.gmail.com>

B.R. <reallfqq-debian@yahoo.fr> wrote:
> Nginx spawns its worker processes with the user 'nginx' who belongs
> to the 'www-data' group. But when Nginx tried to bind on the PHP-FPM
> socket, it encountered a 'permission denied' error.

Is the primary group for the nginx user "www-data" or something
else? Sometimes when a program changes its userid it doesn't assign the
non-default groups (see the getgroups(2) system call).

> The only workaround I found was to spawn the PHP-FPM UNIX socket with
> the 'nginx' user as owner (and thus restricting mode to 0600). The
> group permissions are now useless.

Try setting the group owner for the socket to be the primary group
(as listed in /etc/passwd) for nginx.

> One of my friend told me it was a genuine behavior of Debian but didn't
> explain it to me.

Just because it does the same for your friend does not mean it's the
correct behaviour. You might want to file a bug report against the nginx
package, and if the Debian maintainer can confirm it's the same upstream
they'll take it back to the developers.

Chris

Reply to:

References:
- Permissions on UNIX domain sockets
  - From: "B.R." <reallfqq-debian@yahoo.fr>

Prev by Date: Re: Only 3.6gb of 64gb RAM recognized by 64bit squeeze
Next by Date: Re: OT: More about GPG signing
Previous by thread: Permissions on UNIX domain sockets
Next by thread: Installing vimoutliner in wheezy?
Index(es):
- Date
- Thread