#488 set socket perm 0660 in .defaults.yml

bnfinet · bnfinet · commit c1925e255acd · 2023-01-21T13:34:02.000-08:00
diff --git a/.defaults.yml b/.defaults.yml
@@ -9,6 +9,7 @@ vouch:
   testing: false
   listen: 0.0.0.0
   port: 9090
+  socket_mode: 0660 
   # document_root:
   # domains:
   allowAllUsers: false
@@ -18,7 +19,6 @@ vouch:
   writeTimeout: 15
   readTimeout: 15
   idleTimeout: 15
-
   tls:
     # cert:
     # key:
diff --git a/main.go b/main.go
@@ -243,9 +243,6 @@ func listen() (lis net.Listener, cleanupFn func(), err error) {
 		return nil, nil, fmt.Errorf("listen %s: %w", socketPath, err)
 	}
 
-	if cfg.Cfg.SocketMode == 0 {
-		cfg.Cfg.SocketMode = 0777
-	}
 	mode := fs.FileMode(cfg.Cfg.SocketMode)
 	if err = os.Chmod(socketPath, mode); err != nil {
 		return nil, nil, fmt.Errorf("chmod socket file %s %#o", socketPath, mode)
diff --git a/main_test.go b/main_test.go
@@ -1,13 +1,14 @@
 package main
 
 import (
-	"github.com/stretchr/testify/assert"
-	"github.com/vouch/vouch-proxy/pkg/cfg"
 	"io/fs"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/vouch/vouch-proxy/pkg/cfg"
 )
 
 func Test_listenUds(t *testing.T) {
@@ -27,7 +28,7 @@ func Test_listenUds(t *testing.T) {
 
 	fi, err := os.Stat(socketPath)
 	assert.NoError(t, err)
-	assert.Equal(t, fs.FileMode(0777), fi.Mode().Perm())
+	assert.Equal(t, fs.FileMode(0660), fi.Mode().Perm())
 
 	assert.NotNil(t, lis)
 	assert.NoError(t, lis.Close())

Original file line number	Diff line number	Diff line change
`@@ -243,9 +243,6 @@ func listen() (lis net.Listener, cleanupFn func(), err error) {`
`243`	`243`	`return nil, nil, fmt.Errorf("listen %s: %w", socketPath, err)`
`244`	`244`	`}`
`245`	`245`
`246`		`- if cfg.Cfg.SocketMode == 0 {`
`247`		`- cfg.Cfg.SocketMode = 0777`
`248`		`- }`
`249`	`246`	`mode := fs.FileMode(cfg.Cfg.SocketMode)`
`250`	`247`	`if err = os.Chmod(socketPath, mode); err != nil {`
`251`	`248`	`return nil, nil, fmt.Errorf("chmod socket file %s %#o", socketPath, mode)`