[FASTCGI] A new newbie -> use a pure socket for communictaion

Rob Lemley rclemley at booksys.com
Wed Sep 9 14:22:49 EDT 2009


You should try to create the unix domain socket with wide-open
permissions initially.  Even though lighttpd may be started as root I
would guess that it works like apache and does a setuid to a different
user before going into web serving mode (try "ps axu | grep light" to
see the User ID (uid) of the light process).

I have solved this with FCGI by calling the unix "umask()" system call
before calling FCGX_OpenSocket().   I recommend a simple exception-safe
smart wrapper around the umask() system call to save and restore the
processes file creation mask value after calling FCGX_OpenSocket().  You
may need to manually remove previously created domain sockets until you
get the permissions correct.

Try something like this:

...
#include <sys/types.h>
#include <sys/stat.h>
#include <stdio.h> //perror()

...

class scoped_umask {
public:
    ~scoped_umask() { ::umask(m_saved_mask); }
    scoped_umask(::mode_t temporary_mask) :
m_saved_mask(::umask(temporary_mask)) {}
private:
    ::mode_t m_saved_mask;
};

...

    {
        scoped_umask saved_umask(0);
        int listen_socket = FCGX_OpenSocket(port.c_str(),
listenQueueBacklog);
        if (listen_socket < 0) {
            perror("FCGX_OpenSocket failed");
            exit(1);
        }
    }

...

Also I would recommend printing out at least the error codes, and error
strings if possible, to help diagnose problems.

Here's a simple small main program to that you can play with to see how
umask(2) works.  You can play with the saved_umask temporary umask value
and the open() mode parameter:

...

#include <fctnl.h>

...

int
main()
{
    scoped_umask saved_umask(0);
    int fd = ::open("/tmp/UMASKTEST", O_RDWR | O_CREAT, 0666);
    if (fd < 0) {
        ::perror("open failed");
        return 1;
    }
    return 0;
}



fastcgi-developers-request at mailman.pins.net wrote:
> Date: Tue, 08 Sep 2009 22:46:28 +0200
> From: Maurus Frey <m.frey at avelon-cetex.com>
> Subject: [FASTCGI] A new newbie -> use a pure socket for communictaion
> To: fastcgi-developers at mailman.fastcgi.com
> Message-ID: <4AA6C2A4.1040209 at avelon-cetex.com>
> Content-Type: text/plain; charset=ISO-8859-15
>
> Hi,
>
> I try to connect a C++ application on a embedded device to the web
> through fastcgi.
>
> For the first test I reused the code by E. Bareev already published on
> this list during August. (Thanks)
>
> Instead of using a port, I want to use a unix Socket.
> ...........code............
> #include <string>
> #include "fcgi_stdio.h"
> #include <stdlib.h>
> #include <iostream>
>
> void handle(FCGX_Request request){
>         FCGX_FPrintF(request.out,
> "Content-type:text/html\r\n\r\n<TITLE>fastcgi</TITLE>\n<H1>Fastcgi:
> Hello world!</H1>\n");
> }
>
> int main(int argc, char* const argv[] )
> {
>     std::string port = "/var/run/fastcgitest.socket";
>     int listenQueueBacklog = 400;
>     FCGX_Stream *in, *out, *err;
>     FCGX_ParamArray envp;
>
>     if(FCGX_Init())    exit(1);
>
>     int listen_socket = FCGX_OpenSocket(port.c_str(), listenQueueBacklog);
>     if(listen_socket < 0)    exit(1);
>
>     FCGX_Request request;
>     if(FCGX_InitRequest(&request,  listen_socket, 0)) exit(1);
>
>     int reqCounter = 0;
>     while(FCGX_Accept_r(&request) == 0)
>     {
>         handle(request);
>         reqCounter++;
>         FCGX_FPrintF(request.out, "\n\r\n\r counter: %d", reqCounter);
>         FCGX_Finish_r(&request);
>     }
>     return 0;
> }
> ...........code............
>
> I got a 500 internal Server Error. Since this is my first fastcgi
> project using a socket, I don't really know the problem.
>
> The lighttpd.error log says:
> 2009-09-08 22:34:45: (mod_fastcgi.c.1761) connect failed: Permission
> denied on unix:/var/run/lighttpd/fastcgitest.socket
> 2009-09-08 22:34:45: (mod_fastcgi.c.2930) backend died; we'll disable it
> for 5 seconds and send the request to another backend instead:
> reconnects: 0 load: 1
> 2009-09-08 22:34:51: (mod_fastcgi.c.2743) fcgi-server re-enabled:
> unix:/var/run/lighttpd/fastcgitest.socket
>
> The lighttpd.conf looks like this:
> fastcgi.debug = 1
> fastcgi.server = (
>   "/test.fcgi" =>
>   ((
>      "socket" => "/var/run/lighttpd/fastcgitest.socket",
>      "check-local" => "disable"
>   ))
> )
>
> If I start the fcgi-app the socket file
> (/var/run/lighttpd/fastcgitest.socket) will be created.
> The access rights are: srwxr-xr-x 1 root root 0 2009-09-08 22:34
> fastcgitest.socket
>
> Lighttpd runs as root, it should be able to access the socket.
>
> What could be the problem?
>
> Thanks for your support.
>
> Maurus
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 09 Sep 2009 09:13:21 +0200
> From: "M. Frey" <m.frey at avelon-cetex.com>
> Subject: Re: [FASTCGI] A new newbie -> use a pure socket for
> 	communictaion
> To: Jay Sprenkle <jsprenkle at gmail.com>
> Cc: fastcgi-developers at mailman.fastcgi.com
> Message-ID: <4AA75591.707 at avelon-cetex.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hi Jay
>
> Thanks for your answer. And Yes, I'm working on Linux. So any Windows 
> limitations don't affect.
>
> Let me state more precisely: In the code fragment I wrote the wrong 
> socket path. Of course the socket path is similar to the one specified 
> in lighttpd.conf -> /var/run/lighttpd/fastcgitest.socket
>
> It still doesn't work. And lighttpd returns "connect failed: Permission 
> denied"
>
> Am I completely  wrong trying to realize a socket connection using 
> "fcgi_stdio.h"? Or do I have to use the "fcgio.h" header to achieve this?
>
> Thanks for any suggestions.
>
> Maurus
>
>
>
> Jay Sprenkle schrieb:
>   
>> A socket is the method of communications. A port is the part of that. 
>> It's the 'number' assigned to a tcp connection implemented using sockets.
>>
>> The method defined in the fast cgiwhite paper to use tcp connections 
>> using passed file handles as sockets for communications will not work 
>> with newer versions of windows. You're not on windows are you?
>>
>>
>> On Tue, Sep 8, 2009 at 3:46 PM, Maurus Frey <m.frey at avelon-cetex.com 
>> <mailto:m.frey at avelon-cetex.com>> wrote:
>>
>>     Hi,
>>
>>     I try to connect a C++ application on a embedded device to the web
>>     through fastcgi.
>>
>>     For the first test I reused the code by E. Bareev already published on
>>     this list during August. (Thanks)
>>
>>     Instead of using a port, I want to use a unix Socket.
>>     ...........code............
>>     #include <string>
>>     #include "fcgi_stdio.h"
>>     #include <stdlib.h>
>>     #include <iostream>
>>
>>     void handle(FCGX_Request request){
>>            FCGX_FPrintF(request.out,
>>     "Content-type:text/html\r\n\r\n<TITLE>fastcgi</TITLE>\n<H1>Fastcgi:
>>     Hello world!</H1>\n");
>>     }
>>
>>     int main(int argc, char* const argv[] )
>>     {
>>        std::string port = "/var/run/fastcgitest.socket";
>>        int listenQueueBacklog = 400;
>>        FCGX_Stream *in, *out, *err;
>>        FCGX_ParamArray envp;
>>
>>        if(FCGX_Init())    exit(1);
>>
>>        int listen_socket = FCGX_OpenSocket(port.c_str(),
>>     listenQueueBacklog);
>>        if(listen_socket < 0)    exit(1);
>>
>>        FCGX_Request request;
>>        if(FCGX_InitRequest(&request,  listen_socket, 0)) exit(1);
>>
>>        int reqCounter = 0;
>>        while(FCGX_Accept_r(&request) == 0)
>>        {
>>            handle(request);
>>            reqCounter++;
>>            FCGX_FPrintF(request.out, "\n\r\n\r counter: %d", reqCounter);
>>            FCGX_Finish_r(&request);
>>        }
>>        return 0;
>>     }
>>     ...........code............
>>
>>     I got a 500 internal Server Error. Since this is my first fastcgi
>>     project using a socket, I don't really know the problem.
>>
>>     The lighttpd.error log says:
>>     2009-09-08 22:34:45: (mod_fastcgi.c.1761) connect failed: Permission
>>     denied on unix:/var/run/lighttpd/fastcgitest.socket
>>     2009-09-08 22:34:45: (mod_fastcgi.c.2930) backend died; we'll disable it
>>     for 5 seconds and send the request to another backend instead:
>>     reconnects: 0 load: 1
>>     2009-09-08 22:34:51: (mod_fastcgi.c.2743) fcgi-server re-enabled:
>>     unix:/var/run/lighttpd/fastcgitest.socket
>>
>>     The lighttpd.conf looks like this:
>>     fastcgi.debug = 1
>>     fastcgi.server = (
>>      "/test.fcgi" =>
>>      ((
>>         "socket" => "/var/run/lighttpd/fastcgitest.socket",
>>         "check-local" => "disable"
>>      ))
>>     )
>>
>>     If I start the fcgi-app the socket file
>>     (/var/run/lighttpd/fastcgitest.socket) will be created.
>>     The access rights are: srwxr-xr-x 1 root root 0 2009-09-08 22:34
>>     fastcgitest.socket
>>
>>     Lighttpd runs as root, it should be able to access the socket.
>>
>>     What could be the problem?
>>
>>     Thanks for your support.
>>
>>     Maurus
>>     _______________________________________________
>>     FastCGI-developers mailing list
>>     FastCGI-developers at mailman.fastcgi.com
>>     <mailto:FastCGI-developers at mailman.fastcgi.com>
>>     http://mailman.pins.net/mailman/listinfo.cgi/fastcgi-developers
>>
>>
>>
>>
>> -- 
>> Cause united breaks guitars
>> http://www.youtube.com/watch?v=5YGc4zOqozo
>>
>>     
>
>
> ------------------------------
>
> _______________________________________________
> FastCGI-developers mailing list
> FastCGI-developers at mailman.fastcgi.com
> http://mailman.pins.net/mailman/listinfo.cgi/fastcgi-developers
>
>
> End of FastCGI-developers Digest, Vol 14, Issue 7
> *************************************************
>
>
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.pins.net/mailman/private.cgi/fastcgi-developers/attachments/20090909/80a2de08/attachment.html>


More information about the FastCGI-developers mailing list