From bf8077626ec8e150602c95dbc86ed370b958bd8b Mon Sep 17 00:00:00 2001
From: Philipp Heckel
Date: Sun, 3 Jul 2022 19:33:01 -0400
Subject: [PATCH] Permissions of unix socket
---
 cmd/serve.go | 4 ++--
 docs/releases.md | 1 +
 server/config.go | 3 +--
 server/server.go | 14 +++++++++-----
 4 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/cmd/serve.go b/cmd/serve.go
index a1b0bd9..23e50ac 100644
--- a/cmd/serve.go
+++ b/cmd/serve.go
@@ -5,8 +5,8 @@ package cmd
 import (
 "errors"
 "fmt"
- "io/fs"
 "heckel.io/ntfy/log"
+ "io/fs"
 "math"
 "net"
 "os"
@@ -36,7 +36,7 @@ var flagsServe = append(
 altsrc.NewStringFlag(&cli.StringFlag{Name: "listen-http", Aliases: []string{"listen_http", "l"}, EnvVars: []string{"NTFY_LISTEN_HTTP"}, Value: server.DefaultListenHTTP, Usage: "ip:port used to as HTTP listen address"}),
 altsrc.NewStringFlag(&cli.StringFlag{Name: "listen-https", Aliases: []string{"listen_https", "L"}, EnvVars: []string{"NTFY_LISTEN_HTTPS"}, Usage: "ip:port used to as HTTPS listen address"}),
 altsrc.NewStringFlag(&cli.StringFlag{Name: "listen-unix", Aliases: []string{"listen_unix", "U"}, EnvVars: []string{"NTFY_LISTEN_UNIX"}, Usage: "listen on unix socket path"}),
- altsrc.NewIntFlag(&cli.IntFlag{Name: "listen-unix-mode", Aliases: []string{"listen_unix_mode"}, EnvVars: []string{"NTFY_LISTEN_UNIX_MODE"}, Value: server.DefaultListenUnixMode, Usage: "file mode of unix socket"}),
+ altsrc.NewIntFlag(&cli.IntFlag{Name: "listen-unix-mode", Aliases: []string{"listen_unix_mode"}, EnvVars: []string{"NTFY_LISTEN_UNIX_MODE"}, DefaultText: "system default", Usage: "file permissions of unix socket, e.g. 0700"}),
 altsrc.NewStringFlag(&cli.StringFlag{Name: "key-file", Aliases: []string{"key_file", "K"}, EnvVars: []string{"NTFY_KEY_FILE"}, Usage: "private key file, if listen-https is set"}),
 altsrc.NewStringFlag(&cli.StringFlag{Name: "cert-file", Aliases: []string{"cert_file", "E"}, EnvVars: []string{"NTFY_CERT_FILE"}, Usage: "certificate file, if listen-https is set"}),
 altsrc.NewStringFlag(&cli.StringFlag{Name: "firebase-key-file", Aliases: []string{"firebase_key_file", "F"}, EnvVars: []string{"NTFY_FIREBASE_KEY_FILE"}, Usage: "Firebase credentials file; if set additionally publish to FCM topic"}),
diff --git a/docs/releases.md b/docs/releases.md
index 90c479a..1644e26 100644
--- a/docs/releases.md
+++ b/docs/releases.md
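Review bot: The `listen-unix-mode` flag in cmd/serve.go stays an `IntFlag` and nothing in this hunk bounds its value, so an operator who writes `700` instead of `0700` would presumably have decimal 700 passed on as the mode, which is a different permission set than the one intended. The usage text shows the leading zero only by example; I would spell it out, `Usage: "file permissions of unix socket as octal with leading zero, e.g. 0700"`, and reject anything outside `0`–`0777` where the flag is read into the config. That read happens outside this hunk, so such a check may already exist there.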
@@ -31,6 +31,7 @@ Thank you to [@wunter8](https://github.com/wunter8) for proactively picking up s
 **Features:**
 * Subscription display name for the web app ([#348](https://github.com/binwiederhier/ntfy/pull/348))
+* Allow setting socket permissions via `--listen-unix-mode` ([#356](https://github.com/binwiederhier/ntfy/pull/356), thanks to [@koro666](https://github.com/koro666))
 **Bugs:**
diff --git a/server/config.go b/server/config.go
index 90597f2..e117da8 100644
--- a/server/config.go
+++ b/server/config.go
@@ -8,7 +8,6 @@ import (
 // Defines default config settings (excluding limits, see below)
 const (
 DefaultListenHTTP = ":80"
- DefaultListenUnixMode = 0777
 DefaultCacheDuration = 12 * time.Hour
 DefaultKeepaliveInterval = 45 * time.Second // Not too frequently to save battery (Android read timeout used to be 77s!)
 DefaultManagerInterval = time.Minute
@@ -108,7 +107,7 @@ func NewConfig() *Config {
 ListenHTTP: DefaultListenHTTP,
 ListenHTTPS: "",
 ListenUnix: "",
- ListenUnixMode: DefaultListenUnixMode,
+ ListenUnixMode: 0,
 KeyFile: "",
 CertFile: "",
 FirebaseKeyFile: "",
diff --git a/server/server.go b/server/server.go
index 1ffb85c..ca0d639 100644
--- a/server/server.go
+++ b/server/server.go
@@ -174,7 +174,7 @@ func (s *Server) Run() error {
 listenStr += fmt.Sprintf(" %s[https]", s.config.ListenHTTPS)
 }
 if s.config.ListenUnix != "" {
- listenStr += fmt.Sprintf(" %s[unix/%04o]", s.config.ListenUnix, s.config.ListenUnixMode)
+ listenStr += fmt.Sprintf(" %s[unix]", s.config.ListenUnix)
 }
 if s.config.SMTPServerListen != "" {
 listenStr += fmt.Sprintf(" %s[smtp]", s.config.SMTPServerListen)
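Review bot: In server/config.go (`NewConfig`, hunk at -108), `ListenUnixMode: 0` now stands for "do not chmod the socket", but nothing at this line says so, and the resulting permissions then depend on the process umask rather than on a value ntfy chose. A short comment would record that, e.g. `ListenUnixMode: 0, // 0 = no chmod; socket keeps the umask-derived mode`. The field declaration on `Config` is outside the hunk; if it carries a doc comment, the same sentence belongs there.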
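Review bot: The startup line built in server/server.go (`Run`, hunk at -174) no longer reports the socket mode at all, so an operator who sets `listen-unix-mode` cannot confirm from the log which permissions were requested. When the mode is non-zero the old format could be kept, `listenStr += fmt.Sprintf(" %s[unix/%04o]", s.config.ListenUnix, s.config.ListenUnixMode)`, with the plain `[unix]` form used only for the default. `Run` begins and ends outside this hunk.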
@@ -204,13 +204,17 @@ func (s *Server) Run() error {
 os.Remove(s.config.ListenUnix)
 s.unixListener, err = net.Listen("unix", s.config.ListenUnix)
 if err != nil {
+ s.mu.Unlock()
 errChan <- err
 return
 }
- if err := os.Chmod(s.config.ListenUnix, s.config.ListenUnixMode); err != nil {
- s.unixListener.Close()
- errChan <- err
- return
+ defer s.unixListener.Close()
+ if s.config.ListenUnixMode > 0 {
+ if err := os.Chmod(s.config.ListenUnix, s.config.ListenUnixMode); err != nil {
+ s.mu.Unlock()
+ errChan <- err
+ return
+ }
 }
 s.mu.Unlock()
 httpServer := &http.Server{Handler: mux}
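Review bot: Between `net.Listen` and the later `os.Chmod` the socket exists with whatever mode the umask produced, so a restrictive `listen-unix-mode` is not in force from the moment the path appears. If that window matters for a deployment, the socket should live in a directory only the service account can enter; a comment above the chmod would record this, e.g. `// socket has umask-derived permissions until Chmod returns; restrict the parent directory if needed`. The three hand-written `s.mu.Unlock()` calls on the exit paths are also easy to miss when another early return is added, and moving the locked part into a small helper with `defer s.mu.Unlock()` would remove that risk. `Run` starts and ends outside this hunk.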