php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #68526 Implement POSIX Access Control List for UDS
Submitted: 2014-11-30 08:34 UTC Modified: 2014-11-30 08:35 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: remi@php.net Assigned: remi (profile)
Status: Closed Package: FPM related
PHP Version: 5.6.4RC1 OS: GNU/LInux
Private report: No CVE-ID: None
 [2014-11-30 08:34 UTC] remi@php.net
Description:
------------
When FPM listen to an UDS socket, security is set by changing the owner/group of the socket, ex:
listen.owner = foo
listen.group = bar

Proposal, keep with behavior and add an optional configuration to use Posix ACL instead:

listen.users = apache,nginx,lighttpd
listen.groups = webserver


Test script:
---------------
$ getfacl /path/to/fpm.sock


Expected result:
----------------
# file: /path/to/fpm.sock
# owner: foo
# group: foo
user::rw-
user:apache:rw-
user:nginx:rw-
user:lighttpd:rw-
group::rw-
group:webserver:rw-
mask::rw-
other::---



Patches

posix-acl.patch (last revision 2014-11-30 17:34 UTC) by remi@php.net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-11-30 08:35 UTC] remi@php.net
-Assigned To: +Assigned To: remi
 [2014-11-30 08:35 UTC] remi@php.net
The following patch has been added/updated:

Patch Name: posix-acl.patch
Revision:   1417336540
URL:        https://bugs.php.net/patch-display.php?bug=68526&patch=posix-acl.patch&revision=1417336540
 [2014-11-30 09:21 UTC] remi@php.net
The following patch has been added/updated:

Patch Name: posix-acl.patch
Revision:   1417339279
URL:        https://bugs.php.net/patch-display.php?bug=68526&patch=posix-acl.patch&revision=1417339279
 [2014-11-30 09:44 UTC] remi@php.net
The following patch has been added/updated:

Patch Name: posix-acl.patch
Revision:   1417340682
URL:        https://bugs.php.net/patch-display.php?bug=68526&patch=posix-acl.patch&revision=1417340682
 [2014-11-30 09:56 UTC] remi@php.net
The following patch has been added/updated:

Patch Name: posix-acl.patch
Revision:   1417341383
URL:        https://bugs.php.net/patch-display.php?bug=68526&patch=posix-acl.patch&revision=1417341383
 [2014-11-30 09:57 UTC] remi@php.net
Sensible comment about option names, so switch to 

listen.acl_users
listen.acl_groups
 [2014-11-30 10:31 UTC] remi@php.net
The following patch has been added/updated:

Patch Name: posix-acl.patch
Revision:   1417343488
URL:        https://bugs.php.net/patch-display.php?bug=68526&patch=posix-acl.patch&revision=1417343488
 [2014-11-30 16:50 UTC] remi@php.net
The following patch has been added/updated:

Patch Name: posix-acl.patch
Revision:   1417366201
URL:        https://bugs.php.net/patch-display.php?bug=68526&patch=posix-acl.patch&revision=1417366201
 [2014-11-30 16:50 UTC] remi@php.net
Patch refeshed with a unit test
(marked as XFAIL as this feature is not enabled by default)
 [2014-11-30 17:34 UTC] remi@php.net
The following patch has been added/updated:

Patch Name: posix-acl.patch
Revision:   1417368892
URL:        https://bugs.php.net/patch-display.php?bug=68526&patch=posix-acl.patch&revision=1417368892
 [2014-11-30 17:35 UTC] remi@php.net
Patch refreshed with check for "sys/acl.h"
 [2014-12-10 07:19 UTC] remi@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=744ada7d9ddb7c0f37c494bf0e7636cb1ed6cb34
Log: Fix bug #68526 Implement POSIX Access Control List for UDS
 [2014-12-10 07:19 UTC] remi@php.net
-Status: Assigned +Status: Closed
 [2014-12-10 20:24 UTC] dmitry@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=744ada7d9ddb7c0f37c494bf0e7636cb1ed6cb34
Log: Fix bug #68526 Implement POSIX Access Control List for UDS
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC