From 7907a09acc812f857f283d64c988c69d08acd041 Mon Sep 17 00:00:00 2001 From: networkException Date: Tue, 3 Oct 2023 17:31:40 +0200 Subject: [PATCH] api: allow custom unix bind mode and use 0o220 for admin server --- src/api/admin/api_server.rs | 2 +- src/api/generic_server.rs | 6 +++++- src/api/k2v/api_server.rs | 2 +- src/api/s3/api_server.rs | 2 +- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/src/api/admin/api_server.rs b/src/api/admin/api_server.rs index 43497bad..6f1e44e5 100644 --- a/src/api/admin/api_server.rs +++ b/src/api/admin/api_server.rs @@ -66,7 +66,7 @@ impl AdminApiServer { ) -> Result<(), GarageError> { let region = self.garage.config.s3_api.s3_region.clone(); ApiServer::new(region, self) - .run_server(bind_addr, shutdown_signal) + .run_server(bind_addr, Some(0o220), shutdown_signal) .await } diff --git a/src/api/generic_server.rs b/src/api/generic_server.rs index 42c65ab7..fa346f48 100644 --- a/src/api/generic_server.rs +++ b/src/api/generic_server.rs @@ -98,6 +98,7 @@ impl ApiServer { pub async fn run_server( self: Arc, bind_addr: UnixOrTCPSocketAddress, + unix_bind_addr_mode: Option, shutdown_signal: impl Future, ) -> Result<(), GarageError> { let tcp_service = make_service_fn(|conn: &AddrStream| { @@ -146,7 +147,10 @@ impl ApiServer { let bound = Server::bind_unix(path)?; - fs::set_permissions(path, Permissions::from_mode(0o222))?; + fs::set_permissions( + path, + Permissions::from_mode(unix_bind_addr_mode.unwrap_or(0o222)), + )?; bound .serve(unix_service) diff --git a/src/api/k2v/api_server.rs b/src/api/k2v/api_server.rs index 413fd61c..3a032aba 100644 --- a/src/api/k2v/api_server.rs +++ b/src/api/k2v/api_server.rs @@ -42,7 +42,7 @@ impl K2VApiServer { shutdown_signal: impl Future, ) -> Result<(), GarageError> { ApiServer::new(s3_region, K2VApiServer { garage }) - .run_server(bind_addr, shutdown_signal) + .run_server(bind_addr, None, shutdown_signal) .await } } 
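Review bot: `Some(0o220)` at the `run_server` call in `src/api/admin/api_server.rs` is a bare literal for a security-relevant setting, and nothing at the call site says why the admin socket differs from the default. A comment such as `// owner+group write only: connecting to a unix socket requires write permission on the socket file` would record the intent. The restriction is only as strong as the socket file's group and the permissions of its parent directory, neither of which is visible here. Some non-Linux systems are documented as ignoring socket file modes, so the admin API's own authentication should stay the real access control. The enclosing function starts outside the hunk.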
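Review bot: The new `unix_bind_addr_mode` parameter of `run_server` in `src/api/generic_server.rs` has no doc comment, and the meaning of `None` is only discoverable further down at `unwrap_or(0o222)`. I would document it on the function, e.g. `/// unix_bind_addr_mode: permission bits applied to the unix socket file after binding; None falls back to 0o222, which lets any local user connect.` The k2v and s3 call sites pass `None`, so they keep that world-writable default, and the doc comment should make that an explicit choice. Naming the fallback as a constant instead of repeating the literal would also help. The function body continues outside the hunk.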
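Review bot: In the `@@ -146,7 +147,10 @@` hunk, the socket file exists between `Server::bind_unix(path)?` and `fs::set_permissions(...)` with whatever mode the process umask produced, so the requested mode (including the admin server's 0o220) is not yet in force during that interval. With a permissive umask, a local user outside the intended group could connect before the chmod lands. Making the restriction hold from creation would close this, for instance by placing the socket in a directory whose own permissions already limit access, or by binding under a temporary name and renaming after the mode is set. At minimum the code should say so, e.g. `// NOTE: mode is applied after bind; until then the umask decides who can connect`. Separately, `Permissions::from_mode` takes the caller's `u32` unchecked, so masking it as `unix_bind_addr_mode.unwrap_or(0o222) & 0o777` would keep stray setuid/sticky bits out.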
diff --git a/src/api/s3/api_server.rs b/src/api/s3/api_server.rs index cc2091b8..ecfb48b6 100644 --- a/src/api/s3/api_server.rs +++ b/src/api/s3/api_server.rs @@ -49,7 +49,7 @@ impl S3ApiServer { shutdown_signal: impl Future, ) -> Result<(), GarageError> { ApiServer::new(s3_region, S3ApiServer { garage }) - .run_server(addr, shutdown_signal) + .run_server(addr, None, shutdown_signal) .await }