Skip to content

Make possible to run without root; socket creation. #802

Closed
@zander

Description

@zander

The default location of the admin socket is /var/run/yggdrasil.sock.

There are two problems with that;

  1. it is created and deleted once per session instead of once and then reused.
  2. the /var/run dir is only writable by root.

Those two together means that on the topic of the socket, you need to run yggdrasil as root. And that is unfortunate for server software. Security wise there is a wish to avoid running things as root.

The easiest solution is to create a yggdrasil subdir in /var/run which avoids the permissions issue. Not sure how that works together with #449.
The alternative solution is to not delete the socket file upon exit, as that avoids the requirement to be root to do so. Edit; this means the app can drop root privs the moment the socket is created, or use a separate method to create it.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions