Make possible to run without root; socket creation. #802
Comments
zander
added a commit
to zander/yggdrasil-go
that referenced
this issue
Jul 24, 2021
The `AdminListen` option and `yggdrasilctl` now default to `unix:///var/run/yggdrasil/yggdrasil.sock` on Linux This allows yggdrasil to be run as its own user. Closes yggdrasil-network#802
zander
added a commit
to zander/yggdrasil-go
that referenced
this issue
Jan 9, 2022
The `AdminListen` option and `yggdrasilctl` now default to `unix:///var/run/yggdrasil/yggdrasil.sock` on Linux This allows yggdrasil to be run as its own user. Closes yggdrasil-network#802
|
This is being looked at in #927. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The default location of the admin socket is
/var/run/yggdrasil.sock.There are two problems with that;
/var/rundir is only writable by root.Those two together means that on the topic of the socket, you need to run yggdrasil as root. And that is unfortunate for server software. Security wise there is a wish to avoid running things as root.
The easiest solution is to create a yggdrasil subdir in /var/run which avoids the permissions issue. Not sure how that works together with #449.
The alternative solution is to not delete the socket file upon exit, as that avoids the requirement to be root to do so. Edit; this means the app can drop root privs the moment the socket is created, or use a separate method to create it.
The text was updated successfully, but these errors were encountered: