From f4d9c7fe0edeb5fef91b6817febea9ffca73a8ac Mon Sep 17 00:00:00 2001 From: kurt Date: Thu, 9 Jan 2025 17:40:52 +0800 Subject: [PATCH] fix(core): set correct permissions for socket path when umask is set to `0027` (#14084) When umask is configured to `0027`, the newly created `kong_config.socket_path` directory inherits permissions `750`, which restricts access for worker processes. This commit ensures that the `socket_path` directory is explicitly set to permissions `755` using `chmod 755`, thereby preventing permission-related errors and allowing proper access for all necessary processes. Fix: [FTI-6298](https://konghq.atlassian.net/browse/FTI-6298) Signed-off-by: tzssangglass --- changelog/unreleased/kong/fix-socket-path-permissions.yml | 3 +++ kong/cmd/utils/prefix_handler.lua | 6 ++++++ 2 files changed, 9 insertions(+) create mode 100644 changelog/unreleased/kong/fix-socket-path-permissions.yml diff --git a/changelog/unreleased/kong/fix-socket-path-permissions.yml b/changelog/unreleased/kong/fix-socket-path-permissions.yml new file mode 100644 index 000000000000..6e74adc04564 --- /dev/null +++ b/changelog/unreleased/kong/fix-socket-path-permissions.yml @@ -0,0 +1,3 @@ +message: "Fixed an issue where `socket_path` permissions were not correctly set to `755` when the umask setting did not give enough permission" +type: bugfix +scope: Core diff --git a/kong/cmd/utils/prefix_handler.lua b/kong/cmd/utils/prefix_handler.lua index a51f6d8d05d1..f25832699c37 100644 --- a/kong/cmd/utils/prefix_handler.lua +++ b/kong/cmd/utils/prefix_handler.lua @@ -509,6 +509,12 @@ local function prepare_prefix(kong_config, nginx_custom_template_path, skip_writ if not ok then return nil, err end + + local ok, _, _, stderr = pl_utils.executeex("chmod 755 " .. kong_config.socket_path) + if not ok then + return nil, "can not set correct permissions for socket path: " .. kong_config.socket_path + .. " (" .. stderr .. ")" + end end -- create directories in prefix