From 157a1e913ca57b41dbb048c07181a99aa7eb2c7c Mon Sep 17 00:00:00 2001
From: florian
Date: Mon, 13 Aug 2018 16:54:50 +0000
Subject: Make the owner of fcgi socket configurable.

Andrew Daugherity (andrew.daugherity AT gmail) pointed out that this
is helpful for his port to linux. For example on openSUSE nginx and
Apache run as different users so a compile time default user won't cut
it.
Man page tweaks jmc@

While here, consistently log users at debug level; from Andrew.
---
 slowcgi.8 | 11 +++++++++--
 slowcgi.c | 18 ++++++++++++------
 2 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/slowcgi.8 b/slowcgi.8
index 8e9340e..3d162c9 100644
--- a/slowcgi.8
+++ b/slowcgi.8
@@ -1,4 +1,4 @@
-.\"   $OpenBSD: slowcgi.8,v 1.13 2018/08/01 11:47:29 florian Exp $
+.\"   $OpenBSD: slowcgi.8,v 1.14 2018/08/13 16:54:50 florian Exp $
 .\"
 .\" Copyright (c) 2013 Florian Obser <florian@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: August 1 2018 $
+.Dd $Mdocdate: August 13 2018 $
 .Dt SLOWCGI 8
 .Os
 .Sh NAME
@@ -25,6 +25,7 @@
 .Op Fl d
 .Op Fl p Ar path
 .Op Fl s Ar socket
+.Op Fl U Ar user
 .Op Fl u Ar user
 .Sh DESCRIPTION
 .Nm
@@ -75,6 +76,12 @@ effectively disables the chroot.
 .It Fl s Ar socket
 Create and bind to alternative local socket at
 .Ar socket .
+.It Fl U Ar user
+Change the owner of
+.Pa /var/www/run/slowcgi.sock
+to
+.Ar user
+and its primary group instead of the default www:www.
 .It Fl u Ar user
 Drop privileges to
 .Ar user
diff --git a/slowcgi.c b/slowcgi.c
index a9a90b2..8d8c970 100644
--- a/slowcgi.c
+++ b/slowcgi.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: slowcgi.c,v 1.52 2017/07/04 12:48:36 florian Exp $ */
+/*	$OpenBSD: slowcgi.c,v 1.53 2018/08/13 16:54:50 florian Exp $ */
 /*
  * Copyright (c) 2013 David Gwynne <dlg@openbsd.org>
  * Copyright (c) 2013 Florian Obser <florian@openbsd.org>
@@ -256,7 +256,8 @@ __dead void
 usage(void)
 {
 	extern char *__progname;
-	fprintf(stderr, "usage: %s [-d] [-p path] [-s socket] [-u user]\n",
+	fprintf(stderr,
+	    "usage: %s [-d] [-p path] [-s socket] [-U user] [-u user]\n",
 	    __progname);
 	exit(1);
 }
@@ -276,6 +277,7 @@ main(int argc, char *argv[])
 	struct stat	 sb;
 	int		 c, fd;
 	const char	*chrootpath = NULL;
+	const char	*sock_user = SLOWCGI_USER;
 	const char	*slowcgi_user = SLOWCGI_USER;
 
 	/*
@@ -295,7 +297,7 @@ main(int argc, char *argv[])
 		}
 	}
 
-	while ((c = getopt(argc, argv, "dp:s:u:")) != -1) {
+	while ((c = getopt(argc, argv, "dp:s:U:u:")) != -1) {
 		switch (c) {
 		case 'd':
 			debug = 1;
@@ -306,6 +308,9 @@ main(int argc, char *argv[])
 		case 's':
 			fcgi_socket = optarg;
 			break;
+		case 'U':
+			sock_user = optarg;
+			break;
 		case 'u':
 			slowcgi_user = optarg;
 			break;
@@ -326,13 +331,14 @@ main(int argc, char *argv[])
 		logger = &syslogger;
 	}
 
-	pw = getpwnam(SLOWCGI_USER);
+	ldebug("sock_user: %s", sock_user);
+	pw = getpwnam(sock_user);
 	if (pw == NULL)
-		lerrx(1, "no %s user", SLOWCGI_USER);
+		lerrx(1, "no %s user", sock_user);
 
 	fd = slowcgi_listen(fcgi_socket, pw);
 
-	lwarnx("slowcgi_user: %s", slowcgi_user);
+	ldebug("slowcgi_user: %s", slowcgi_user);
 	pw = getpwnam(slowcgi_user);
 	if (pw == NULL)
 		lerrx(1, "no %s user", slowcgi_user);
-- 
cgit v1.2.3-2-gb3c3