I have Redmine/Git/nginx/fcgiwrap running in a jail on FreeBSD 9.3 for (potentially) authenticated Git commits over HTTP/S. Everything works until I restart the jail.
In order for a commit to work I need to manually change /var/run/fcgiwrap/fcgiwrap.sock from srwxr-xr-x root:wheel to srwxrwxr-x root:www.
It seems like there should be a better way to do this so that its persistent over a reboot. My feeling is that there should be some way of telling fcgiwrap who to run as but I can't work out where this is specified on FreeBSD.
The man page says:
Most probably you will want to launch fcgiwrap by spawn-fcgi using a configuration like this:
FCGI_SOCKET=/var/run/fcgiwrap.sock
FCGI_PROGRAM=/usr/sbin/fcgiwrap
FCGI_USER=nginx
FCGI_GROUP=www
FCGI_EXTRA_OPTIONS="-M 0700"
ALLOWED_ENV="PATH"
Based on this question I have looked in /usr/local/etc/rc.d for spawn-fcgi but its not there which I assume means its not installed. It also seems overkill to install spawn-fcgi just to manage who fcgiwrap runs as.
I've found in /usr/local/etc/rc.d/fcgiwrap it says:
# fcgiwrap rc.d script supports multiple profiles (a-la rc.d/nginx)
# When profiles are specified, the non-profile specific parameters become defaults.
# You need to make sure that no two profiles have the same socket parameter.
What is a profile and how would I go about creating one for this rc.d script? Or am I going about this all the wrong way?
