From 87a38bdf8d16d225ed3eca6548901e91d0d7562c Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Tue, 22 Sep 2015 18:34:03 +0900
Subject: [PATCH] nghttpx: Chown UNIX domain socket to user specified as --user

---
 src/shrpx.cc | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/shrpx.cc b/src/shrpx.cc
index 37980eca..006a90bb 100644
--- a/src/shrpx.cc
+++ b/src/shrpx.cc
@@ -704,6 +704,16 @@ int event_loop() {
     }
 
     ssv.server_fd = fd;
+
+    if (get_config()->uid != 0) {
+      // fd is not associated to inode, so we cannot use fchown(2)
+      // here.  https://lkml.org/lkml/2004/11/1/84
+      if (chown_to_running_user(get_config()->host.get()) == -1) {
+        auto error = errno;
+        LOG(WARN) << "Changing owner of UNIX domain socket "
+                  << get_config()->host.get() << " failed: " << strerror(error);
+      }
+    }
   } else {
     close_env_fd({ENV_UNIX_FD});
     auto fd6 = create_tcp_server_socket(AF_INET6);