From a275ef17a8ac6400692fd967fb8505c0b110d83b Mon Sep 17 00:00:00 2001
From: Nicola Murino
Date: Sun, 28 Jan 2024 09:34:07 +0100
Subject: [PATCH] relax Unix domain socket permissions so that they are group writable
Fixes #1507
Signed-off-by: Nicola Murino
---
 init/sftpgo.service | 1 +
 internal/util/util.go | 8 +++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/init/sftpgo.service b/init/sftpgo.service
index fe6c3845..a8014c55 100644
--- a/init/sftpgo.service
+++ b/init/sftpgo.service
@@ -7,6 +7,7 @@ User=sftpgo
 Group=sftpgo
 Type=simple
 WorkingDirectory=/etc/sftpgo
+RuntimeDirectory=sftpgo
 Environment=SFTPGO_CONFIG_DIR=/etc/sftpgo/
 Environment=SFTPGO_LOG_FILE_PATH=
 EnvironmentFile=-/etc/sftpgo/sftpgo.env
diff --git a/internal/util/util.go b/internal/util/util.go
index f90c2f71..353b6464 100644
--- a/internal/util/util.go
+++ b/internal/util/util.go
@@ -582,13 +582,19 @@ func HTTPListenAndServe(srv *http.Server, address string, port int, isTLS bool,
 if !IsFileInputValid(address) {
 return fmt.Errorf("invalid socket address %q", address)
 }
- err = createDirPathIfMissing(address, os.ModePerm)
+ err = createDirPathIfMissing(address, 0770)
 if err != nil {
 logger.ErrorToConsole("error creating Unix-domain socket parent dir: %v", err)
 logger.Error(logSender, "", "error creating Unix-domain socket parent dir: %v", err)
 }
 os.Remove(address)
 listener, err = newListener("unix", address, srv.ReadTimeout, srv.WriteTimeout)
+ if err == nil {
+ // should a chmod err be fatal?
+ if errChmod := os.Chmod(address, 0770); errChmod != nil {
+ logger.Warn(logSender, "", "unable to set the Unix-domain socket group writable: %v", errChmod)
+ }
+ }
 } else {
 CheckTCP4Port(port)
 listener, err = newListener("tcp", fmt.Sprintf("%s:%d", address, port), srv.ReadTimeout, srv.WriteTimeout)
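Review bot: In init/sftpgo.service, `RuntimeDirectory=sftpgo` is added without a mode, so systemd creates the directory with its default `RuntimeDirectoryMode` of 0755. If this directory is meant to hold the Unix-domain socket (inferred from the commit subject; the unit does not say), I would add `RuntimeDirectoryMode=0750` so that only the sftpgo user and group can traverse it. A one-line comment in the unit saying what the directory is for would also help.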
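Review bot: In internal/util/util.go, the parent directory does not need group write for clients to reach the socket, so `createDirPathIfMissing(address, 0770)` grants more than the fix requires. Connecting needs search permission on the directory and write permission on the socket, which `0750` on the directory plus the `0770` chmod already provide. With a group-writable directory any member of the group can unlink or replace the socket entry, and the path-based `os.Chmod(address, 0770)` that runs after `newListener` would then apply to whatever is at that path. I would use `err = createDirPathIfMissing(address, 0750)` and replace `// should a chmod err be fatal?` with a comment that states the decision, for example `// non-fatal: on failure the socket keeps its umask-derived mode`. HTTPListenAndServe starts and ends outside this hunk, and how createDirPathIfMissing applies the mode (umask, already existing directories) is not visible here.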