Hello! On Thu, Sep 22, 2016 at 01:12:21PM +0000, Manole, Sorin wrote:
> Hello, > > It seems that when nginx creates unix domain sockets as a result > of the listen directive it assigns rw permissions for all users. > This is probably because the bind() call which creates the file > follows the process umask. Nginx sets the umask to 0 which is > the most relaxed setting. > > Is there a way to control the permissions assigned at creation > to unix domain sockets created by nginx? I don't think so. If you want to limit access to unix sockets created by nginx, most trivial solution would be to create them in a directory with appropriate permissions. > Is there a deep reason to always set the umask to 0? Would it be > better to let the user decide the umask and inherit it from the > process starting nginx? The umask is set to 0 for nginx to be able to control permissions when explicitly configured (for example when saving files using proxy_store, http://nginx.org/r/proxy_store_access). -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
