Message ID | 656849315.83800.1702820292582@office.mailbox.org |
---|---|
State | New |
Series | [bug#67867,shepherd] service: fix ownership+permissions on Unix sockets |
Hi Ulrich,

Ulrich Baum <ulrich.baum@ubaum.de> wrote:

> Previously, ownership and permissions of AF_UNIX sockets created by
> make-inetd-constructor and make-systemd-constructor were not set,
> leaving the socket with root:root and 755 permissions.
>
> modules/shepherd/service.scm (endpoint->listening-socket): fix chown and
> chmod calls

[...]

> (when (= AF_UNIX (sockaddr:fam address)) > - (chown sock owner group) > - (chmod sock #o666)) > + (chown (sockaddr:path address) owner group) > + (chmod (sockaddr:path address) #o666))

Good catch! I was surprised that fchown(2) and fchmod(2) silently did nothing, but that’s how it is.

Pushed together with a test, which allowed me to find a related bug (more serious, because it’s about permissions on the socket’s directory):

  9dfeb4e support: ‘mkdir-p’ sets permissions when directory already exists.
  f5b7411 service: Really set ownership and permissions on Unix sockets.

(BTW, I have just renamed ‘master’ to ‘main’, but ‘master’ hasn’t been deleted yet from the server; make sure to pick ‘main’ and adjust your Git config.)

Thanks,
Ludo’.
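The behaviour discussed in this thread, as an added C example that is not Shepherd's code: on Linux, fchmod(2) on a bound AF_UNIX socket descriptor leaves the mode of the socket's filesystem path untouched, while chmod(2) on the path changes it. The function names, the `/tmp/sockdemo-XXXXXX` directory and the 022 umask are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Permission bits of the filesystem node at PATH, or -1 on error. */
static int path_mode(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Bind a socket in a fresh private directory, then record the mode of its
   path after bind, after fchmod on the descriptor, and after chmod on the
   path.  Returns 0 on success, -1 on failure. */
int socket_mode_demo(int *after_bind, int *after_fchmod, int *after_chmod) {
    char dir[] = "/tmp/sockdemo-XXXXXX";  /* constructed sample location */
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    int rc = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(addr.sun_path, sizeof addr.sun_path, "%s/sock", dir);
    mode_t old = umask(022);              /* assumed umask: bind creates 0755 */
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&addr, sizeof addr) == 0) {
        *after_bind = path_mode(addr.sun_path);
        (void)fchmod(fd, 0666);           /* return value varies by OS; ignored */
        *after_fchmod = path_mode(addr.sun_path);
        if (chmod(addr.sun_path, 0666) == 0) {
            *after_chmod = path_mode(addr.sun_path);
            rc = 0;
        }
    }
    umask(old);
    if (fd >= 0)
        close(fd);
    unlink(addr.sun_path);                /* clean up the demo socket and dir */
    rmdir(dir);
    return rc;
}

int main(void) {
    int a, b, c;
    if (socket_mode_demo(&a, &b, &c) != 0)
        return 1;
    printf("bind %o, fchmod(fd) %o, chmod(path) %o\n", a, b, c);
    return 0;
}
```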
diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm index 41c6248..f22aaaf 100644 --- a/modules/shepherd/service.scm +++ b/modules/shepherd/service.scm @@ -1867,8 +1867,8 @@ retrying to bind it in one second.") (listen sock backlog) (when (= AF_UNIX (sockaddr:fam address)) - (chown sock owner group) - (chmod sock #o666)) + (chown (sockaddr:path address) owner group) + (chmod (sockaddr:path address) #o666)) sock))))
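Review bot: the two added calls in the `when` form run after `listen` and look the socket up again through `(sockaddr:path address)`, so they change whatever that path names at that moment rather than the descriptor that was bound; that is only sound if no other user can write to the containing directory, and the hunk neither checks nor documents this. A comment stating that assumption, or making sure the directory's permissions are in place before binding, would make it reviewable. The mode also stays the literal `#o666`, which lets any local user connect whatever `owner` and `group` are; if that is intended, say so in the docstring, otherwise take the mode as a parameter.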