Archives/ohwgiles_laminar
1
0
Fork 0
mirror of https://github.com/ohwgiles/laminar.git synced 2026-03-02 03:40:21 +00:00
Code Issues Projects Releases Wiki Activity

create unix sockets with 660 permissions

Browse Source 
Realistically this is probably the permission mask you
want if you are using a unix socket for LAMINAR_BIND_RPC
or LAMINAR_BIND_HTTP.

resolves #160
This commit is contained in:
Oliver Giles
2021-11-12 20:06:24 +13:00
parent d913d04c4a
commit 549f49052a
2 changed files with 14 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
UserManual.md
View File

@@ -222,13 +222,13 @@ Then, point `laminarc` to the new location using an environment variable:
LAMINAR_HOST=192.168.1.1:9997 laminarc queue example
```
If you need more flexibility, consider running the communication channel as a regular unix socket and applying user and group permissions to the file. To achieve this, set
If you need more flexibility, consider running the communication channel as a regular unix socket. Setting
```
LAMINAR_BIND_RPC=unix:/var/run/laminar.sock
```
or similar path in `/etc/laminar.conf`.
or similar path in `/etc/laminar.conf` will result in a socket with group read/write permissions (`660`), so any user in the `laminar` group can queue a job.
This can be securely and flexibly combined with remote triggering using `ssh`. There is no need to allow the client full shell access to the server machine, the ssh server can restrict certain users to certain commands (in this case `laminarc`). See [the authorized_keys section of the sshd man page](https://man.openbsd.org/sshd#AUTHORIZED_KEYS_FILE_FORMAT) for further information.