-rw-r--r-- | src/nxt_listen_socket.c | 14 | ||||
-rw-r--r-- | src/nxt_runtime.c | 55 | ||||
-rw-r--r-- | src/nxt_runtime.h | 6 |
3 files changed, 72 insertions, 3 deletions
diff --git a/src/nxt_listen_socket.c b/src/nxt_listen_socket.c
index d477eef1..047c1ef9 100644
--- a/src/nxt_listen_socket.c
+++ b/src/nxt_listen_socket.c
@@ -127,13 +127,23 @@ nxt_listen_socket_create(nxt_task_t *task, nxt_mp_t *mp,
 #if (NXT_HAVE_UNIX_DOMAIN)
 if (family == AF_UNIX) {
- name = (nxt_file_name_t *) sa->u.sockaddr_un.sun_path;
+ const char *user;
+ const char *group;
+ nxt_runtime_t *rt = thr->runtime;
- access = (S_IRUSR | S_IWUSR);
+ name = (nxt_file_name_t *) sa->u.sockaddr_un.sun_path;
+ access = rt->control_mode > 0 ? rt->control_mode : S_IRUSR | S_IWUSR;
 if (nxt_file_set_access(name, access) != NXT_OK) {
 goto listen_fail;
 }
+
+ user = rt->control_user;
+ group = rt->control_group;
+
+ if (nxt_file_chown(name, user, group) != NXT_OK) {
+ goto listen_fail;
+ }
 }
 #endif
diff --git a/src/nxt_runtime.c b/src/nxt_runtime.c
index 9bfabc75..0e7f879e 100644
--- a/src/nxt_runtime.c
+++ b/src/nxt_runtime.c
@@ -956,6 +956,12 @@ nxt_runtime_conf_read_cmd(nxt_task_t *task, nxt_runtime_t *rt)
 static const char no_control[] =
 "option \"--control\" requires socket address\n";
+ static const char no_control_mode[] =
+ "option \"--control-mode\" requires a mode\n";
+ static const char no_control_user[] =
+ "option \"--control-user\" requires a username\n";
+ static const char no_control_group[] =
+ "option \"--control-group\" requires a group name\n";
 static const char no_user[] = "option \"--user\" requires username\n";
 static const char no_group[] = "option \"--group\" requires group name\n";
 static const char no_pid[] = "option \"--pid\" requires filename\n";
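Review bot: In the AF_UNIX branch of nxt_listen_socket_create (src/nxt_listen_socket.c), `nxt_file_chown(name, user, group)` now runs on every start, including when neither `--control-user` nor `--control-group` was given and both pointers are presumably still NULL. nxt_file_chown is not part of this diff, so whether it treats NULL as "leave unchanged" cannot be confirmed from here; an explicit guard such as `if ((user != NULL || group != NULL) && nxt_file_chown(name, user, group) != NXT_OK) {` keeps the default start-up path from depending on that. The `rt->control_mode > 0` test also means a value of 0 silently becomes 0600, which deserves a comment like `/* control_mode == 0 means "not set": fall back to owner-only access */`. The function body starts and ends outside the hunk.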
@@ -984,6 +990,13 @@ nxt_runtime_conf_read_cmd(nxt_task_t *task, nxt_runtime_t *rt)
 " --control ADDRESS set address of control API socket\n"
 " default: \"" NXT_CONTROL_SOCK "\"\n"
 "\n"
+ " --control-mode MODE set mode of the control API socket\n"
+ " default: 0600\n"
+ "\n"
+ " --control-user USER set the owner of the control API socket\n"
+ "\n"
+ " --control-group GROUP set the group of the control API socket\n"
+ "\n"
 " --pid FILE set pid filename\n"
 " default: \"" NXT_PID "\"\n"
 "\n"
@@ -1032,6 +1045,48 @@ nxt_runtime_conf_read_cmd(nxt_task_t *task, nxt_runtime_t *rt)
 continue;
 }
+ if (nxt_strcmp(p, "--control-mode") == 0) {
+ if (*argv == NULL) {
+ write(STDERR_FILENO, no_control_mode,
+ nxt_length(no_control_mode));
+ return NXT_ERROR;
+ }
+
+ p = *argv++;
+
+ rt->control_mode = strtoul(p, NULL, 8);
+
+ continue;
+ }
+
+ if (nxt_strcmp(p, "--control-user") == 0) {
+ if (*argv == NULL) {
+ write(STDERR_FILENO, no_control_user,
+ nxt_length(no_control_user));
+ return NXT_ERROR;
+ }
+
+ p = *argv++;
+
+ rt->control_user = p;
+
+ continue;
+ }
+
+ if (nxt_strcmp(p, "--control-group") == 0) {
+ if (*argv == NULL) {
+ write(STDERR_FILENO, no_control_group,
+ nxt_length(no_control_group));
+ return NXT_ERROR;
+ }
+
+ p = *argv++;
+
+ rt->control_group = p;
+
+ continue;
+ }
+
 if (nxt_strcmp(p, "--user") == 0) {
 if (*argv == NULL) {
 write(STDERR_FILENO, no_user, nxt_length(no_user));
diff --git a/src/nxt_runtime.h b/src/nxt_runtime.h
index 66ec0106..7bd490d7 100644
--- a/src/nxt_runtime.h
+++ b/src/nxt_runtime.h
@@ -70,8 +70,12 @@ struct nxt_runtime_s {
 const char *ver_tmp;
 const char *conf;
 const char *conf_tmp;
- const char *control;
 const char *tmp;
+ const char *control;
+
+ mode_t control_mode;
+ const char *control_user;
+ const char *control_group;
 nxt_str_t certs;
 nxt_str_t scripts; |
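Review bot: The `--control-mode` branch of nxt_runtime_conf_read_cmd stores `strtoul(p, NULL, 8)` with no validation, so a non-octal argument parses as 0 and silently falls back to the default, trailing characters after a valid prefix are ignored, and an oversized value is truncated into `mode_t`. Because this value decides which local users can reach the control API socket, the argument should be parsed with an end pointer and rejected unless it is a complete octal number no larger than 0777. The sketch below assumes `end`, `mode` and a new `bad_control_mode` message are declared with the function's other locals and static strings, which lie outside this hunk. The help text added in the preceding hunk could also state that MODE is octal.

```c
        if (nxt_strcmp(p, "--control-mode") == 0) {
            /* … unchanged: missing-argument check … */

            p = *argv++;

            mode = strtoul(p, &end, 8);

            /* Reject empty, non-octal or trailing input and bits above rwx. */
            if (end == p || *end != '\0' || mode > 0777) {
                write(STDERR_FILENO, bad_control_mode,
                      nxt_length(bad_control_mode));
                return NXT_ERROR;
            }

            rt->control_mode = (mode_t) mode;

            continue;
        }
```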