relax Unix domain socket permissions so that they are group writable

Fixes #1507 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-01-28 09:34:07 +01:00 · 2024-01-28 09:34:07 +01:00 · a275ef17a8
commit a275ef17a8
parent 856aed2d60
2 changed files with 8 additions and 1 deletions
--- a/init/sftpgo.service
+++ b/init/sftpgo.service
@ -7,6 +7,7 @@ User=sftpgo
 Group=sftpgo
 Type=simple
 WorkingDirectory=/etc/sftpgo
+RuntimeDirectory=sftpgo
 Environment=SFTPGO_CONFIG_DIR=/etc/sftpgo/
 Environment=SFTPGO_LOG_FILE_PATH=
 EnvironmentFile=-/etc/sftpgo/sftpgo.env
--- a/internal/util/util.go
+++ b/internal/util/util.go
@ -582,13 +582,19 @@ func HTTPListenAndServe(srv *http.Server, address string, port int, isTLS bool,
 		if !IsFileInputValid(address) {
 			return fmt.Errorf("invalid socket address %q", address)
 		}
-		err = createDirPathIfMissing(address, os.ModePerm)
+		err = createDirPathIfMissing(address, 0770)
 		if err != nil {
 			logger.ErrorToConsole("error creating Unix-domain socket parent dir: %v", err)
 			logger.Error(logSender, "", "error creating Unix-domain socket parent dir: %v", err)
 		}
 		os.Remove(address)
 		listener, err = newListener("unix", address, srv.ReadTimeout, srv.WriteTimeout)
+		if err == nil {
+			// should a chmod err be fatal?
+			if errChmod := os.Chmod(address, 0770); errChmod != nil {
+				logger.Warn(logSender, "", "unable to set the Unix-domain socket group writable: %v", errChmod)
+			}
+		}
 	} else {
 		CheckTCP4Port(port)
 		listener, err = newListener("tcp", fmt.Sprintf("%s:%d", address, port), srv.ReadTimeout, srv.WriteTimeout)