aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Bühler <stbuehler@web.de>2009-03-29 12:34:15 +0000
committerStefan Bühler <stbuehler@web.de>2009-03-29 12:34:15 +0000
commitac9d5714ee06932194e52295f0264a779886ecf6 (patch)
tree3dafdf7f873dd1fca9cd24a5135fa6c2b62f12e4
parentba17410c533fd67241272fda973b6862ab945888 (diff)
downloadspawn-fcgi-ac9d5714ee06932194e52295f0264a779886ecf6.tar.gz
spawn-fcgi-ac9d5714ee06932194e52295f0264a779886ecf6.zip
Update docs and spelling fixesv1.6.1
git-svn-id: svn://svn.lighttpd.net/spawn-fcgi/trunk@37 4a9f3682-ca7b-49a8-9a55-ba4640e46f83
-rw-r--r--README10
-rw-r--r--spawn-fcgi.130
-rw-r--r--src/spawn-fcgi.c64
3 files changed, 54 insertions, 50 deletions
diff --git a/README b/README
index f696dde..19e7c1f 100644
--- a/README
+++ b/README
@@ -3,15 +3,17 @@
spawn-fcgi
==========
-:author: Jan Kneschke
+:authors: Jan Kneschke, Stefan Bühler
:abstract:
- spawn-fcgi is used to spawn fastcgi applications
+ spawn-fcgi is used to spawn FastCGI applications
Features
--------
-- binds to IPv4 and unix sockets
-
+- binds to IPv4 and Unix domain sockets
+- supports privilege separation: chmod/chown socket, drop to uid/gid
+- supports chroot
+- supports daemontools supervise
Build
=====
diff --git a/spawn-fcgi.1 b/spawn-fcgi.1
index 6a123da..6919541 100644
--- a/spawn-fcgi.1
+++ b/spawn-fcgi.1
@@ -19,20 +19,20 @@ spawn-fcgi \- Spawns FastCGI processes
.
\fIspawn-fcgi\fP is used to spawn remote and local FastCGI processes.
.P
-While it is obviously needed to spawn remote FastCGI backends (the webserver
-can only spawnn local ones), it is recommended to spawn local backends
+While it is obviously needed to spawn remote FastCGI backends (the web server
+can only spawn local ones), it is recommended to spawn local backends
with spawn-fcgi, too.
.P
Reasons why you may want to use spawn-fcgi instead of something else:
.IP * 3
Privilege separation without needing a suid-binary or running a server as root.
.IP * 3
-You can restart your webserver and the FastCGI applications without restarting the others.
+You can restart your web server and the FastCGI applications without restarting the others.
.IP * 3
You can run them in different chroot()s.
.IP * 3
-Running your FastCGI applications doesn't depend on the webserver you are running,
-which allows for easier testing of other webservers.
+Running your FastCGI applications doesn't depend on the web server you are running,
+which allows for easier testing of other web servers.
.
.SH OPTIONS
.
@@ -41,25 +41,27 @@ which allows for easier testing of other webservers.
.B \-f <path>
Filename of the FastCGI application to spawn. This option is deprecated and it
is recommend to always specify the application (absolute path) and its parameters after "--";
+the fcgiapp parameter is directly used for the exec() call, while for starting the binary given
+with \-f /bin/sh is needed (which may not be available in a chroot).
.IP
This option is ignored if fcgiapp is given.
.TP 8
.B \-d <path>
Change the current directory before spawning the application.
.TP 8
-.B \-a <addr>
+.B \-a <address>
IP address to bind to; only used if \-p is given too.
.TP 8
.B \-p <port>
TCP port to bind to; you cannot combine this with the \-s option.
.TP 8
.B \-s <path>
-Path to the Unix-domain socket to bind to; you cannot combine this with the \-p option.
+Path to the Unix domain socket to bind to; you cannot combine this with the \-p option.
.TP 8
.B \-C <children>
(PHP only) Number of children to spawn by setting the PHP_FCGI_CHILDREN
environment variable. Default is not to overwrite the environment variable;
-php will spawn no childs if the var is not set (same as setting it to 0).
+php will spawn no children if the variable is not set (same as setting it to 0).
.TP 8
.B \-F <children>
Number of children to fork, defaults to 1. This option doesn't work with \-n,
@@ -74,7 +76,7 @@ Name of the PID file for spawned processes (ignored in no-fork mode)
No forking should take place (for daemontools)
.TP 8
.B \-M <mode>
-Change file mode of the unix socket; only used if \-s is given too.
+Change file mode of the Unix domain socket; only used if \-s is given too.
.TP 8
.B \-?, \-h
General usage instructions
@@ -85,11 +87,11 @@ Shows version information and exits
.
The following options are only available if you invoke spawn-fcgi as root:
.TP 8
-.B \-c <dir>
-Chroot to specified directory; the unix socket is created inside the chroot unless \-S is given.
+.B \-c <directory>
+Chroot to specified directory; the Unix domain socket is created inside the chroot unless \-S is given.
.TP 8
.B \-S
-Create unix socket before chroot()ing.
+Create Unix domain socket before chroot().
.TP 8
.B \-u
User ID to change to.
@@ -98,10 +100,10 @@ User ID to change to.
Group ID to change to. Defaults to primary group of the user given for \-u.
.TP 8
.B \-U
-Change user of the unix socket, defaults to the value of \-u. (only used if \-s is given)
+Change user of the Unix domain socket, defaults to the value of \-u. (only used if \-s is given)
.TP 8
.B \-G
-Change group of the unix socket, defaults to the primary group of the user given for \-U;
+Change group of the Unix domain socket, defaults to the primary group of the user given for \-U;
if \-U wasn't given, defaults to the value of \-g. (only used if \-s is given)
.
.SH "SEE ALSO"
diff --git a/src/spawn-fcgi.c b/src/spawn-fcgi.c
index f420546..e1ae704 100644
--- a/src/spawn-fcgi.c
+++ b/src/spawn-fcgi.c
@@ -316,7 +316,7 @@ static int find_user_group(const char *user, const char *group, uid_t *uid, gid_
if (my_uid <= 0) {
if (NULL == (my_pwd = getpwnam(user))) {
- fprintf(stderr, "spawn-fcgi: can't find username %s\n", user);
+ fprintf(stderr, "spawn-fcgi: can't find user name %s\n", user);
return -1;
}
my_uid = my_pwd->pw_uid;
@@ -338,7 +338,7 @@ static int find_user_group(const char *user, const char *group, uid_t *uid, gid_
if (my_gid <= 0) {
if (NULL == (my_grp = getgrnam(group))) {
- fprintf(stderr, "spawn-fcgi: can't find groupname %s\n", group);
+ fprintf(stderr, "spawn-fcgi: can't find group name %s\n", group);
return -1;
}
my_gid = my_grp->gr_gid;
@@ -362,9 +362,9 @@ static int find_user_group(const char *user, const char *group, uid_t *uid, gid_
return 0;
}
+#define PACKAGE_DESC "spawn-fcgi v" PACKAGE_VERSION " - spawns FastCGI processes\n"
static void show_version () {
- const char *b = PACKAGE_NAME "-" PACKAGE_VERSION \
-" - spawns fastcgi processes\n"
+ const char *b = PACKAGE_DESC
"Build-Date: " __DATE__ " " __TIME__ "\n";
;
write(1, b, strlen(b));
@@ -374,29 +374,29 @@ static void show_help () {
char *b = \
"Usage: spawn-fcgi [options] [-- <fcgiapp> [fcgi app arguments]]\n" \
"\n" \
-"spawn-fcgi v" PACKAGE_VERSION " - spawns fastcgi processes\n" \
+"spawn-fcgi v" PACKAGE_VERSION " - spawns FastCGI processes\n" \
"\n" \
"Options:\n" \
-" -f <path> filename of the fcgi-application (ignored if <fcgiapp> is given)\n" \
-" -d <dir> chdir to directory before spawning\n" \
-" -a <addr> bind to ip address\n" \
-" -p <port> bind to tcp-port\n" \
-" -s <path> bind to unix-domain socket\n" \
-" -M <mode> change unix-domain socket mode\n" \
-" -C <childs> (PHP only) numbers of childs to spawn (default: not setting\n" \
-" the PHP_FCGI_CHILDREN env var - php defaults to 0)\n" \
-" -F <childs> numbers of childs to fork (default 1)\n" \
-" -P <path> name of PID-file for spawned process (ignored in no-fork mode)\n" \
-" -n no fork (for daemontools)\n" \
-" -v show version\n" \
-" -?, -h show this help\n" \
+" -f <path> filename of the fcgi-application (ignored if <fcgiapp> is given)\n" \
+" -d <directory> chdir to directory before spawning\n" \
+" -a <address> bind to IP address\n" \
+" -p <port> bind to TCP-port\n" \
+" -s <path> bind to Unix domain socket\n" \
+" -M <mode> change Unix domain socket mode\n" \
+" -C <children> (PHP only) numbers of childs to spawn (default: not setting\n" \
+" the PHP_FCGI_CHILDREN environment variable - PHP defaults to 0)\n" \
+" -F <children> number of children to fork (default 1)\n" \
+" -P <path> name of PID-file for spawned process (ignored in no-fork mode)\n" \
+" -n no fork (for daemontools)\n" \
+" -v show version\n" \
+" -?, -h show this help\n" \
"(root only)\n" \
-" -c <dir> chroot to directory\n" \
-" -S create socket before chroot()ing (default is to create the socket in the chroot)\n" \
-" -u <user> change to user-id\n" \
-" -g <group> change to group-id (default: primary group of user if -u is given)\n" \
-" -U <user> change unix-domain socket owner to user-id\n" \
-" -G <group> change unix-domain socket group to group-id\n" \
+" -c <directory> chroot to directory\n" \
+" -S create socket before chroot() (default is to create the socket in the chroot)\n" \
+" -u <user> change to user-id\n" \
+" -g <group> change to group-id (default: primary group of user if -u is given)\n" \
+" -U <user> change Unix domain socket owner to user-id\n" \
+" -G <group> change Unix domain socket group to group-id\n" \
;
write(1, b, strlen(b));
}
@@ -458,7 +458,7 @@ int main(int argc, char **argv) {
}
if (NULL == fcgi_app && NULL == fcgi_app_argv) {
- fprintf(stderr, "spawn-fcgi: no fastcgi application given\n");
+ fprintf(stderr, "spawn-fcgi: no FastCGI application given\n");
return -1;
}
@@ -466,18 +466,18 @@ int main(int argc, char **argv) {
fprintf(stderr, "spawn-fcgi: no socket given (use either -p or -s)\n");
return -1;
} else if (0 != port && NULL != unixsocket) {
- fprintf(stderr, "spawn-fcgi: either a unix domain socket or a tcp-port, but not both\n");
+ fprintf(stderr, "spawn-fcgi: either a Unix domain socket or a TCP-port, but not both\n");
return -1;
}
if (unixsocket && strlen(unixsocket) > sizeof(un.sun_path) - 1) {
- fprintf(stderr, "spawn-fcgi: path of the unix socket is too long\n");
+ fprintf(stderr, "spawn-fcgi: path of the Unix domain socket is too long\n");
return -1;
}
/* SUID handling */
if (!i_am_root && issetugid()) {
- fprintf(stderr, "spawn-fcgi: Are you nuts ? Don't apply a SUID bit to this binary\n");
+ fprintf(stderr, "spawn-fcgi: Are you nuts? Don't apply a SUID bit to this binary\n");
return -1;
}
@@ -487,7 +487,7 @@ int main(int argc, char **argv) {
(-1 == (pid_fd = open(pid_file, O_WRONLY | O_CREAT | O_EXCL | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)))) {
struct stat st;
if (errno != EEXIST) {
- fprintf(stderr, "spawn-fcgi: opening pid-file '%s' failed: %s\n",
+ fprintf(stderr, "spawn-fcgi: opening PID-file '%s' failed: %s\n",
pid_file, strerror(errno));
return -1;
}
@@ -495,7 +495,7 @@ int main(int argc, char **argv) {
/* ok, file exists */
if (0 != stat(pid_file, &st)) {
- fprintf(stderr, "spawn-fcgi: stating pid-file '%s' failed: %s\n",
+ fprintf(stderr, "spawn-fcgi: stating PID-file '%s' failed: %s\n",
pid_file, strerror(errno));
return -1;
}
@@ -503,13 +503,13 @@ int main(int argc, char **argv) {
/* is it a regular file ? */
if (!S_ISREG(st.st_mode)) {
- fprintf(stderr, "spawn-fcgi: pid-file exists and isn't regular file: '%s'\n",
+ fprintf(stderr, "spawn-fcgi: PID-file exists and isn't regular file: '%s'\n",
pid_file);
return -1;
}
if (-1 == (pid_fd = open(pid_file, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH))) {
- fprintf(stderr, "spawn-fcgi: opening pid-file '%s' failed: %s\n",
+ fprintf(stderr, "spawn-fcgi: opening PID-file '%s' failed: %s\n",
pid_file, strerror(errno));
return -1;
}