This assumption of /var/run/spawn-fcgi existing is incompatible with /run migration (bug #361349). The offender is /etc/init.d/spawn-fcgi:
    PIDPATH=/var/run/spawn-fcgi
    PIDFILE=${PIDPATH}/${PROGNAME}
Note that the ebuild creates the directory with mode 700:
    keepdir /var/run/spawn-fcgi
    fperms 0700 /var/run/spawn-fcgi
I am raising the bug's importance, because spawn-fcgi will fail to start with tmpfs /run. The following line in the init.d service fixes the issue:
    checkpath -q -d -m 700 /var/run/spawn-fcgi
*** Bug 403677 has been marked as a duplicate of this bug. ***
And, what is the way to go? Create /var/run from init.d or other location?
(In reply to comment #3)
> And, what is the way to go? Create /var/run from init.d or other location?
I wrote the line in comment #1. Run "grep -r checkpath /etc/init.d".
+*spawn-fcgi-1.6.3-r1 (02 Apr 2012) + + 02 Apr 2012; Pacho Ramos <pacho@gentoo.org> +files/spawn-fcgi.initd-r1, + +spawn-fcgi-1.6.3-r1.ebuild: + Don't assume /var/run/spawn-fcgi is always present, bug #400899 by Maxim + Kammerer. +
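Review bot: on the "Don't assume /var/run/spawn-fcgi is always present" line, the entry records what is no longer assumed but not how the directory is now created or with which mode. Since the entry adds files/spawn-fcgi.initd-r1, a few words naming what that script does to create the directory, and the mode it ends up with, would make the entry usable without opening the bug.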
Thanks!
How am I intended to use unix sockets with 0700 permissions on /var/run/spawn-fcgi? Nginx says
    *1 connect() to unix:/var/run/spawn-fcgi/fcgiwrap.socket-2 failed (13: Permission denied) while connecting to upstream
until I do
    chgrp nginx /var/run/spawn-fcgi && chmod g+rX /var/run/spawn-fcgi
(In reply to comment #7)
You are doing it wrong: /var/run/spawn-fcgi.* is just the PIDPATH in /etc/init.d/spawn-fcgi. FCGI_SOCKET in /etc/conf.d/spawn-fcgi.* should be accessible by nginx, as you mentioned, so here is an example:
(/etc/conf.d/spawn-fcgi.*)
    FCGI_SOCKET=/var/run/fastcgi.sock
    FCGI_EXTRA_OPTIONS="-U nginx -G nginx -M 0600"
(nginx.conf)
    fastcgi_pass unix:/var/run/fastcgi.sock-1;
@pacho: Thinking about it, having "PIDFILE=${PIDPATH}/${PROGNAME}" in /etc/init.d/spawn-fcgi is rather silly, since it could just as well be set to "${PIDPATH}.${PROGNAME}", and checkpath removed. Is the pid of FCGI_PROGRAM such secret information that it should hide in a 700-mode directory? No idea about the original rationale for that, though.
(In reply to comment #8)
> /var/run/spawn-fcgi.* is just the PIDPATH in /etc/init.d/spawn-fcgi.
Sorry, should have been: "/var/run/spawn-fcgi is just the PIDPATH in /etc/init.d/spawn-fcgi.*".
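The "(13: Permission denied)" from comment #7 comes from a directory on the socket's path that the web server cannot search. The following is an added example, not part of the thread or of the spawn-fcgi package: a hypothetical helper, first_blocker, that reports the outermost such directory. It assumes GNU stat, that the peer is not the directory owner, and it ignores supplementary groups, ACLs and the socket's own mode (the -M option).

```shell
#!/bin/sh
# Added example: find the outermost directory on the way to a unix socket
# that a peer with primary group PEER_GID (and not the owner) cannot search.
# Usage: first_blocker <socket-path> <peer-gid> [stop-at-dir]
first_blocker() {
    dir=$(dirname -- "$1"); peer_gid=$2; stop=${3:-/}; blocker=
    while :; do
        mode=$(stat -c '%a' -- "$dir") || return 2
        dir_gid=$(stat -c '%g' -- "$dir") || return 2
        if [ "$dir_gid" = "$peer_gid" ]; then
            bit=$(( 0$mode & 010 ))   # peer is in the owning group: g+x decides
        else
            bit=$(( 0$mode & 001 ))   # otherwise only o+x decides
        fi
        # Walking upwards, so the last match is the outermost blocker.
        if [ "$bit" -eq 0 ]; then blocker=$dir; fi
        if [ "$dir" = "$stop" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname -- "$dir")
    done
    printf '%s\n' "$blocker"
}

# Constructed layout mirroring the thread: a 0700 PID directory inside a
# world-searchable run directory. Everything lives under a temp dir.
demo() {
    root=$(mktemp -d) && mkdir -p "$root/run/spawn-fcgi" || return 1
    chmod 755 "$root/run"; chmod 700 "$root/run/spawn-fcgi"
    gid=$(stat -c '%g' "$root/run/spawn-fcgi")
    echo "socket in PID dir blocked by: '$(first_blocker \
        "$root/run/spawn-fcgi/fcgiwrap.socket-2" "$gid" "$root/run")'"
    echo "socket in run dir blocked by: '$(first_blocker \
        "$root/run/fastcgi.sock-1" "$gid" "$root/run")'"
    rm -rf "$root"
}
demo
```

On a real system the second argument would be the numeric gid of the web server's group, for example the third field of "getent group nginx".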
I have no idea :( Maybe this comes from old times to handle multiple pids (bug 149467)
(In reply to comment #10)
> Maybe this comes from old times to handle multiple pids (bug 149467)
From comments 53 and 54 it seems that the PID directory is only used to organize the PID files.