Socket Permissions Configuration #542

Closed
JP-Ellis opened this issue Jun 14, 2024 · 4 comments
Labels
s: Daemon This issue touches pueue daemon s: Pueue-lib This issue touches the pueue-lib library t: Feature A new feature that needs implementation

Comments

@JP-Ellis
Contributor

A detailed description of the feature you would like to see added.

I would like the ability to configure the socket permissions. For example:

```yaml
shared:
  pueue_directory: /var/lib/pueue
  runtime_directory: /var/run/pueue
  use_unix_socket: true
  unix_socket_path: /var/run/pueue/pueue.socket
  unix_socket_permissions: '777'  # <-- new option
```

Not sure whether the permissions should be in standard octal notation, the more verbose rwxr-xr-x or even as a further dictionary:

```yaml
shared:
  unix_socket_permissions:
    user: [read, write, execute]
    group: [read, execute]
    all: [read, execute]
```

Explain your usecase of the requested feature

I have a shared pueued instance running as a systemd service (happy to share the configuration) which I would ideally like to reach over sockets.

The pueued daemon by default creates the socket with permissions rwxr-xr-x thereby preventing anyone from writing to the socket other than the service user.

I would like to spawn this process under a special pueue:pueue user and group, and grant users of the pueue group the ability to write to the socket. This would require setting the socket's permissions to rwxrwxr-x.

Alternatives

The current alternative is to manually change the socket permissions after the process is spawned:

```sh
sudo systemctl start pueued
sudo chmod 775 /var/run/pueue/pueue.socket
```

This will work so long as the process keeps running, but will of course fail after the process has restarted.

Additional context

No response
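
An added Rust sketch of what the requested option amounts to, not pueue's own code and not the change made for this issue: parse an octal mode string, bind the Unix socket, and set its mode before the listener is returned. The function names and the temporary socket path are assumptions made for this example.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::PermissionsExt;
use std::os::unix::net::UnixListener;
use std::path::Path;

/// Parse an octal mode string such as "775"; only the nine rwx bits are accepted.
fn parse_mode(text: &str) -> Result<u32, String> {
    let mode = u32::from_str_radix(text, 8).map_err(|e| format!("not octal: {}", e))?;
    if mode > 0o777 {
        return Err(format!("mode {} sets bits outside rwxrwxrwx", text));
    }
    Ok(mode)
}

/// Bind a Unix socket and apply `mode` before the listener is handed back.
fn bind_with_mode(path: &Path, mode: u32) -> io::Result<UnixListener> {
    // Remove a stale socket left by a previous run; "not found" is fine.
    match fs::remove_file(path) {
        Err(e) if e.kind() != io::ErrorKind::NotFound => return Err(e),
        _ => {}
    }
    let listener = UnixListener::bind(path)?;
    // Between bind() and this call the socket carries the umask-derived mode,
    // so a mode that widens access only takes effect once the socket exists.
    fs::set_permissions(path, fs::Permissions::from_mode(mode))?;
    Ok(listener)
}

/// Read back the permission bits of a filesystem entry (file type bits masked off).
fn mode_of(path: &Path) -> io::Result<u32> {
    Ok(fs::metadata(path)?.permissions().mode() & 0o777)
}

fn main() -> io::Result<()> {
    // Constructed path for the demo; a deployment would use its configured socket path.
    let path = std::env::temp_dir().join(format!("demo-{}.socket", std::process::id()));
    let mode = parse_mode("775").map_err(|e| io::Error::new(io::ErrorKind::InvalidInput, e))?;
    let _listener = bind_with_mode(&path, mode)?;
    println!("{} -> {:o}", path.display(), mode_of(&path)?);
    fs::remove_file(&path)
}
```

Because the mode is applied in the same process right after the bind, nothing has to wait for the socket to appear before changing it.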

@Nukesor
Owner

Nukesor commented Jun 14, 2024

Did you try ExecStartPost=chmod 775 /var/run/pueue/pueue.socket in your systemd file?

@JP-Ellis
Contributor Author

I had tried that, but I thought it might be better if pueue itself handled the permissions.

As to why ExecStartPost did not always work, it was generally because chmod is executed too fast and the socket may not exist yet. I know this can be fixed by inserting ExecStartPost=sleep 2 before the chmod command; but thought this solution to be somewhat inelegant.

Let me know what you think of my suggestion of adding another configuration option. I would be happy to contribute the PR myself.

@Nukesor
Owner

Nukesor commented Jun 14, 2024

Fair points :D

It's a small change as well, feel free to go ahead :)

@Nukesor Nukesor added t: Feature A new feature that needs implementation s: Pueue-lib This issue touches the pueue-lib library s: Daemon This issue touches pueue daemon labels Jun 23, 2024
@Nukesor
Owner

Nukesor commented Jul 14, 2024

Implemented in #544

@Nukesor Nukesor closed this as completed Jul 14, 2024