oblivikun Hello people! Im currently setting up a web server on NetBSD 10 and i want to run a CGI app. To do this i need fcgiwrap.(which id use like fcgiwrap -s unix:/(wherever) and that would give me a unix socket i can use. but since rc.d scripts are run as root(or i dont know how to make them run as a user) i cannot use the unix socket with nginx without running chmod on it. is it possible to A - run chmod on the socket(if it exists) to make it accessible B - somehow run the script as a diffirent user
vsis https://man.netbsd.org/rc.subr.8 Haven't tested yet myself, but I believe you should add a variable like ${your_service}_user=nginx to use nginx user. Something similar can be done with groups, like: ${your_service}_group=nginx.
oblivikun vsis: It seems like i need root perms to create the socket in /run, which means that fcgiwrap must either use a socket not in /run or it should run as root and then then chmod should be run, is this possible?
vsis oblivikun You mean /var/run? Can you change the directory in your app? You could create a dir /var/run/$YOUR_SERVICE and give its ownership to that user. dbus works that way: $ ls -lha /var/run/dbus/ total 1.0K drwxr-xr-x 2 dbus dbus 512B ./ [...]