Implement POSIX Access Control List for UDS

[2014-11-30 08:34 UTC] remi@php.net

Description:
------------
When FPM listen to an UDS socket, security is set by changing the owner/group of the socket, ex:
listen.owner = foo
listen.group = bar

Proposal, keep with behavior and add an optional configuration to use Posix ACL instead:

listen.users = apache,nginx,lighttpd
listen.groups = webserver


Test script:
---------------
$ getfacl /path/to/fpm.sock


Expected result:
----------------
# file: /path/to/fpm.sock
# owner: foo
# group: foo
user::rw-
user:apache:rw-
user:nginx:rw-
user:lighttpd:rw-
group::rw-
group:webserver:rw-
mask::rw-
other::---

[2014-11-30 08:35 UTC] remi@php.net

-Assigned To: +Assigned To: remi

[2014-11-30 09:57 UTC] remi@php.net

Sensible comment about option names, so switch to 

listen.acl_users
listen.acl_groups

[2014-11-30 16:50 UTC] remi@php.net

Patch refeshed with a unit test
(marked as XFAIL as this feature is not enabled by default)

[2014-11-30 17:35 UTC] remi@php.net

Patch refreshed with check for "sys/acl.h"

[2014-12-10 07:19 UTC] remi@php.net

-Status: Assigned +Status: Closed