Fcgi permissions according to script owner

Does the fastcgi permissions in nginx work like those in Apache, in
which it
runs with permissions of the script owner?

From what I see it runs with the permissions of the web user. Can it be
changed to run with only the scripts owners rights?


Frank C.

=======================

On 16.08.2010 14:00, Frank C. wrote:

Does the fastcgi permissions in nginx work like those in Apache, in which it
runs with permissions of the script owner?

changed to run with only the scripts owners rights?

Depends on cgi ‘script’. Are you talking about suphp, suexec?

– Piotr.

On 16 August 2010 16:46, Piotr K. [email protected] wrote:

Apache uses suexec to run the fastcgi under the user accounts
permissions,
the script I am using the php-fcgi daemon in /etc/init.d?

Does nginx have the ability to do the same?

– Piotr.


nginx mailing list
[email protected]
http://nginx.org/mailman/listinfo/nginx


Frank C.

=======================
http://devblog.brahmancreations.com

On 16.08.2010 19:24, Frank C. wrote:

On 16 August 2010 16:46, Piotr K.[email protected] wrote:

Apache uses suexec to run the fastcgi under the user accounts permissions,
the script I am using the php-fcgi daemon in /etc/init.d?

I have no idea about what /etc/init.d/php-fcgi script you are talking. I
guess it’s distro specified script which use spawn-fcgi to spawn php.

Does nginx have the ability to do the same?

As I said, depends on what cgi you are talking about.

Nginx don’t have ability to run cgi itself, it can connect to listening
php or any other fastcgi. If you are talking about php, you can use
spawn-fcgi or php-fpm (better) to run php as specified user.

So yes, you can have php script running as selected user.

Your way of thinking has been distorted by apache’s mod_php propably.

– Piotr.

On 16.08.2010 21:32, Frank C. wrote:

On 16 August 2010 19:24, Piotr K.[email protected] wrote:

Apache suexec actually.

Googling has led me to the fact that different a separate php-fcgi can be
made to run on a separate port for each user. It isn’t what I expected as it
has to be run manually for each user, but it is good enough for my needs.

Use sockets instead of ports, and there is no need to do it manualy with
php-fpm, just add it to php-fpm.conf and it will spawn php for your
users.

PS. I posted an earlier thread about the problems I am having with an empty
$_REQUEST, $_GET and $_POST variables. Can you help me with that?

No, sorry. I am not a php guy. Everything is working for me.

– Piotr.

Another option is perhaps using suid to let those processes spawn on
whatever ports while limiting permissions outside those scripts. In
other words, suexec within the Unix/Linux OS:
http://www.howtoforge.com/linux_setting_suid_sgid_bits

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,120297,120474#msg-120474

On 16 August 2010 19:24, Piotr K. [email protected] wrote:

So yes, you can have php script running as selected user.

Your way of thinking has been distorted by apache’s mod_php propably.

Apache suexec actually.

Googling has led me to the fact that different a separate php-fcgi can
be
made to run on a separate port for each user. It isn’t what I expected
as it
has to be run manually for each user, but it is good enough for my
needs.

PS. I posted an earlier thread about the problems I am having with an
empty
$_REQUEST, $_GET and $_POST variables. Can you help me with that?

– Piotr.


nginx mailing list
[email protected]
http://nginx.org/mailman/listinfo/nginx


Frank C.

=======================
http://devblog.brahmancreations.com

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs