author | Emily <git@emilylange.de> | 2023-06-23 22:49:41 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-06-23 14:49:41 -0600 |
commit | 22927e278dc29c9d1804c20f483510ec569f23ed (patch) | |
tree | 3baa3a6aadf64fe4eb15c7675a3edcd379a798a3 /modules/caddyhttp/reverseproxy/selectionpolicies.go | |
parent | 7a69ae757197660d26095045fba385c613926d77 (diff) |
core: Add optional unix socket file permissions (#4741)

* core: Add optional unix socket file permissions

This commit also changes the default unix socket file permissions to `u=w,g=,o=` (octal: `0200`).
It used to default to the shell's umask (usually `u=rwx,g=rx,o=rx`, octal: `0755`).

`/run/caddy.sock` -> `/run/caddy.sock` with `0200` default perms

`/run/caddy.sock|0222` -> `/run/caddy.sock` with `0222` perms

`|` instead of `:` is used as a separator, to account for the `:` in Windows drive letters (e.g. `C:\absolute\path.sock`)

Fun fact:
The old unix(7) man page (pre Jun 2016) stated a socket needs both read and write perms.
Turns out, only write perms are needed.
Corrected in https://github.com/mkerrisk/man-pages/commit/7578ea2f85b272363d22680d69e7d32f0b59c83b
Despite this, most implementations still default to read+write to this date.

* Add cases with Windows paths to test

* Require write perms for the owning user

Diffstat (limited to 'modules/caddyhttp/reverseproxy/selectionpolicies.go')
0 files changed, 0 insertions, 0 deletions
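
The `path|perms` address format described in the commit message above, worked through as an added Go example; it is not Caddy's own code. The helper name `splitUnixSocketAddr`, splitting on the last `|`, the `0777` upper bound, and reporting a missing owner-write bit as an error are assumptions of this sketch.

```go
package main

import (
	"fmt"
	"io/fs"
	"strconv"
	"strings"
)

// Default stated in the commit message: u=w,g=,o= (octal 0200).
const defaultSocketMode fs.FileMode = 0o200

// splitUnixSocketAddr is a hypothetical helper, not Caddy's function.
// It splits "path|perms" on the last '|' (an assumption), so the ':' in a
// Windows drive letter never collides with the separator.
func splitUnixSocketAddr(addr string) (string, fs.FileMode, error) {
	i := strings.LastIndex(addr, "|")
	if i < 0 {
		// No explicit permissions: fall back to the write-only default.
		return addr, defaultSocketMode, nil
	}
	path, permStr := addr[:i], addr[i+1:]
	if path == "" {
		return "", 0, fmt.Errorf("empty socket path in %q", addr)
	}
	n, err := strconv.ParseUint(permStr, 8, 32) // permissions are octal
	if err != nil {
		return "", 0, fmt.Errorf("invalid octal permissions %q: %w", permStr, err)
	}
	if n > 0o777 {
		return "", 0, fmt.Errorf("permissions %q outside 0000-0777", permStr)
	}
	// "Require write perms for the owning user": without u+w the owner
	// itself could not connect to the socket.
	if n&0o200 == 0 {
		return "", 0, fmt.Errorf("permissions %04o lack owner write", n)
	}
	return path, fs.FileMode(n), nil
}

func main() {
	// Constructed sample addresses, including a Windows path and a bad mode.
	samples := []string{`/run/caddy.sock`, `/run/caddy.sock|0222`,
		`C:\absolute\path.sock|0220`, `/run/caddy.sock|0044`}
	for _, a := range samples {
		p, m, err := splitUnixSocketAddr(a)
		fmt.Printf("%-30q path=%q mode=%04o err=%v\n", a, p, uint32(m), err)
	}
}
```

On Unix the resulting mode would be applied to the socket file after `net.Listen("unix", path)`, for example with `os.Chmod`, because the file created at bind time otherwise gets whatever the process umask allows.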