linux file permissions for fastcgi socket file and containing folder

0

I am trying to set up mod_fcgid on my server. Part of the requirement is that Apache needs to create a socket file for mod_fcgid.

I specified the folder for Apache to write the socket data to:

/var/lock/apache2/fcgid

I then specified this file in my fcgid.conf file as follows:

SocketPath /var/lock/apache2/fcgid/sock

I then changed the owner of the folder to www-data (the apache user) and gave the onwer full permissions to the folder and its contents.

I was able to run my test fcgi app then.

When I rebooted the machine, I found that ownership of /var/lock/apache2/fcgid has been reset to root, and with permission reset to 700

I have the following questions:

  • Is there something specific about the /var/lock folder? - why is the permissions being reset after a reboot?

  • Should I move my socket file to another location (in case root automatically takes ownership of contents in this folder for security reasons?)

I am running Ubuntu 10.0.4 LTS 64 bit

oompahloompah

Posted 2011-02-12T15:47:05.610

Reputation: 557

Answers

0

Use /var/run for socket files.

user1686

Posted 2011-02-12T15:47:05.610

Reputation: 283 655

@gravity: were you having a guess?. I tried what you recommended (i.e. changing the folder containing the socket file), the fastcgi app worked, then when I rebooted the machine, the file permissions were reset back to root again - same as before. – oompahloompah – 2011-02-12T17:16:23.547

@oompah: I wasn't having a guess; I was suggesting to use a more proper location than /var/lock (which usually only contains lockfiles). – user1686 – 2011-02-12T18:09:57.030

Thanks for the suggestion. However, after using the "best practices" folder you recommended, the problem of root changing permissions remains. Do you know why that is? - as it is, I cannot current deply a fastcgi app on my server for this reason – oompahloompah – 2011-02-13T09:28:08.980