Tells the daemon to bind to I<address> and accept incoming connections on that
socket. If I<address> begins with C<unix:>, everything following that prefix is
interpreted as the path to a UNIX domain socket. Otherwise the address or node
-name are resolved using getaddrinfo.
+name are resolved using C<getaddrinfo()>.
For network sockets, a port may be specified by using the form
C<B<[>I<address>B<]:>I<port>>. If the address is an IPv4 address or a fully
If the B<-l> option is not specified the default address,
C<unix:/tmp/rrdcached.sock>, will be used.
-=item B<-s> I<id>
+=item B<-s> I<group_name>|I<gid>
Set the group permissions of the UNIX domain socket. The option accepts either
a numeric group id or group name. That group will then have both read and write
-permissions to the socket and therefore able to send commands to the daemon. This
+permissions (the socket will have file permissions 0750) for the socket and,
+therefore, is able to send commands to the daemon. This
may be useful in cases where you cannot easily run all RRD processes with the same
user privileges (e.g. graph generating CGI scripts that typically run in the
permission context of the web server).
+This option affects the I<following> UNIX socket addresses (the following
+B<-l> options), i.e., you may specify different settings for different
+sockets.
+
+The default is not to change ownership or permissions of the socket and, thus,
+use the system default.
+
=item B<-P> I<command>[,I<command>[,...]]
Specifies the commands accepted via a network socket. This allows
rrdcached -P FLUSH,PENDING $MORE_ARGUMENTS
-The B<-P> option effects the I<following> socket addresses (the following B<-l>
+The B<-P> option affects the I<following> socket addresses (the following B<-l>
options). In the following example, only the IPv4 network socket (address
C<10.0.0.1>) will be restricted to the C<FLUSH> and C<PENDING> commands:
ssize_t wbuf_len;
uint32_t permissions;
+
+ gid_t socket_group;
};
typedef struct listen_socket_s listen_socket_t;
static listen_socket_t *listen_fds = NULL;
static size_t listen_fds_num = 0;
-static gboolean set_socket_group = FALSE;
-static gid_t socket_group;
-
enum {
RUNNING, /* normal operation */
FLUSHING, /* flushing remaining values */
}
/* tweak the sockets group ownership */
- if (set_socket_group)
+ if (sock->socket_group != (gid_t)-1)
{
- if ( (chown(path, getuid(), socket_group) != 0) ||
+ if ( (chown(path, getuid(), sock->socket_group) != 0) ||
(chmod(path, (S_IRUSR|S_IWUSR|S_IXUSR | S_IRGRP|S_IWGRP)) != 0) )
{
fprintf(stderr, "rrdcached: failed to set socket group permissions (%s)\n", strerror(errno));
char **permissions = NULL;
size_t permissions_len = 0;
+ gid_t socket_group = (gid_t)-1;
+
while ((option = getopt(argc, argv, "gl:s:P:f:w:z:t:Bb:p:Fj:h?")) != -1)
{
switch (option)
}
/* }}} Done adding permissions. */
+ new->socket_group = socket_group;
+
if (!rrd_add_ptr((void ***)&config_listen_address_list,
&config_listen_address_list_len, new))
{
if (grp)
{
socket_group = grp->gr_gid;
- set_socket_group = TRUE;
}
else
{
projects / rrdtool.git / commitdiff