Hello people! Im currently setting up a web server on NetBSD 10 and i want to run a CGI app. To do this i need fcgiwrap.(which id use like fcgiwrap -s unix:/(wherever) and that would give me a unix socket i can use. but since rc.d scripts are run as root(or i dont know how to make them run as a user) i cannot use the unix socket with nginx without running chmod on it. is it possible to
A - run chmod on the socket(if it exists) to make it accessible
B - somehow run the script as a diffirent user

https://man.netbsd.org/rc.subr.8

Haven't tested yet myself, but I believe you should add a variable like ${your_service}_user=nginx to use nginx user.

Something similar can be done with groups, like: ${your_service}_group=nginx.

vsis: It seems like i need root perms to create the socket in /run, which means that fcgiwrap must either use a socket not in /run or it should run as root and then then chmod should be run, is this possible?

  • vsis replied to this.

    oblivikun

    You mean /var/run?

    Can you change the directory in your app? You could create a dir /var/run/$YOUR_SERVICE and give its ownership to that user.

    dbus works that way:

    $ ls -lha /var/run/dbus/
    total 1.0K
    drwxr-xr-x 2 dbus dbus 512B ./
    [...]