tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Webserver user/group



I mainly run www/nginx as webserver. I also run www/php-fpm that uses an unprivileged user FPM_USER?= ${APACHE_USER}. In my mk.conf, I have APACHE_USER= nginx. I would prefer to have web services' unprivileged users depending on a generic WWW_USER that could be configured according to the webserver actually running.

Do you have objection concerning the following patch:
Index: mk/defaults/mk.conf
===================================================================
RCS file: /cvsroot/pkgsrc/mk/defaults/mk.conf,v
retrieving revision 1.308
diff -u -r1.308 mk.conf
--- mk/defaults/mk.conf	27 Mar 2020 20:57:34 -0000	1.308
+++ mk/defaults/mk.conf	5 Apr 2020 22:52:11 -0000
@@ -1306,6 +1306,16 @@
 # Possible: c rust
 # Default: rust on operating systems supported by lang/rust
 
+LIGHTTPD_GROUP?=	lighttpd
+# The group of the unprivileged user for lighttpd.
+# Possible: any group name
+# Default: lighttpd
+
+LIGHTTPD_USER?=		lighttpd
+# The unprivileged user for lighttpd.
+# Possible: any user name
+# Default: lighttpd
+
 LINUX_LOCALES?=								\
 	af ar bg br ca cs cy da de el en eo es et eu fi fo fr ga gl	\
 	he hr hu hy id is it ja ka kl ko lo lt lv nl no oc pl pt ro	\
@@ -1470,6 +1480,16 @@
 # Possible: any string, leave it empty for no prefix at all
 # Default: nb
 
+NGINX_GROUP?=	nginx
+# The group of the unprivileged user for nginx.
+# Possible: any group name
+# Default: nginx
+
+NGINX_USER?=	nginx
+# The unprivileged user for nginx.
+# Possible: any user name
+# Default: nginx
+
 NMH_EDITOR?= vi
 # default editor for use in nmh.
 # Possible: any editor.
@@ -1839,6 +1859,16 @@
 # Possible: any space-separated list of window managers
 # Default: not defined
 
+WWW_GROUP?=	${APACHE_GROUP}
+# Expected to be the group the web server normally runs as.
+# Possible: any group name
+# Default: ${APACHE_GROUP}
+
+WWW_USER?=	${APACHE_USER}
+# Expected to be the user the web server normally runs as.
+# Possible: any user name
+# Default: ${APACHE_USER}
+
 #X10_PORT=
 # The serial device for misc/bottlerocket to use to communicate
 # to the X10 adaptor.


Home | Main Index | Thread Index | Old Index