Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please add config option to chmod a UNIX socket #145

Open
leonerd opened this issue Mar 29, 2022 · 1 comment
Open

Please add config option to chmod a UNIX socket #145

leonerd opened this issue Mar 29, 2022 · 1 comment

Comments

@leonerd
Copy link

leonerd commented Mar 29, 2022

When Starman creates a UNIX socket it just inherits the prevailing umask setting, which often means that the socket is restricted so only the same UID can connect to it. It's common to deploy webapps as their own user ID, separate from the user ID the webserver is running as, so this is not ideal.

It would be useful if there was a configuration setting to chmod the socket; either. to mode 0777 and permit everything.

As an extra stretch-goal, a really nice configuration would be chmod to 0775 to permit the group and additionally supply a supplementary group that can be shared by the webserver, which can then be chgrp'ed onto the socket. E.g. platforms often use the group www-data for this purpose.

Thanks
@leonerd leonerd mentioned this issue Mar 29, 2022
Open
@dboehmer
Copy link

The OP probably knows how to do this but in case this helps anyone: I added these two lines to my Systemd service definition to handle the socket permissions:

ExecStartPost=/bin/chgrp www-data /run/coocook/coocook.sock
ExecStartPost=/bin/chmod g+w      /run/coocook/coocook.sock

coocook is the name of my app.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dboehmer @leonerd