ydotool
socket perms for system-wide access ?
i've built/installed ydotool from src
i'm working on the required socket perms, hoping to harden access
it's launched via systemd
...
[Service]
UMask = 0117
User=ydotool
Group=input
PermissionsStartOnly=true
ExecStart=/usr/local/ydotool/bin/ydotoold \
--socket-path=/run/ydotool/ydotoold.sock \
--socket-perm=0660
...
it's up
ps aux | grep ydotool
ydotool 9129 0.0 0.0 2476 1536 ? Ss 11:37 0:00 /usr/local/ydotool/bin/ydotoold --socket-path=/run/ydotool/ydotoold.sock --socket-perm=0660
ls -alR /run/ydotool
/run/ydotool:
total 0
drwxrwx--- 2 ydotool input 60 Mar 2 11:47 ./
drwxr-xr-x 49 root root 1.4K Mar 2 10:42 ../
srw-rw---- 1 ydotool input 0 Mar 2 11:47 ydotoold.sock=
my local desktop and ydotool users have been added to the input group
id ydotool
uid=376(ydotool) gid=377(ydotool) groups=377(ydotool),999(input)
getent group input
input:x:999:ydotool,pgnd
at shell, as my user,
whoami
pgnd
YDOTOOL_SOCKET=/run/ydotool/ydotoold.sock /usr/local/ydotool/bin/ydotool type 'TESTTEST'
fails with
failed to connect to socket `/run/ydotool/ydotoold.sock': Permission denied
Please check if the current user has sufficient permissions to access the socket file
if i open the sock's perms
chmod 777 /run/ydotool
chmod 666 /run/ydotool/ydotoold.sock
ls -alR /run/ydotool
/run/ydotool:
total 0
drwxrwxrwx 2 ydotool input 60 Mar 2 11:47 ./
drwxr-xr-x 49 root root 1.4K Mar 2 10:42 ../
srw-rw-rw- 1 ydotool input 0 Mar 2 11:47 ydotoold.sock=
then exec of
YDOTOOL_SOCKET=/run/ydotool/ydotoold.sock /usr/local/ydotool/bin/ydotool type 'TESTTEST'
types, as intended,
TESTTEST
also,
chmod 770 /run/ydotool
chmod 660 /run/ydotool/ydotoold.sock
sudo -u ydotool YDOTOOL_SOCKET=/run/ydotool/ydotoold.sock /usr/local/ydotool/bin/ydotool type 'TESTTEST'
users ydotool & pgnd, both as members of input group, should have equivalent r/w perms for the socket, no?
am i missing a config/assumption re: needed perms?
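An added example, not code from this thread or from the ydotool project: it models the owner/group/other check for the socket listed above, and `diagnose` runs it once with the groups the current shell actually holds (`id -G`) and once with the groups the account database lists for the same user. The thread does not confirm a cause; the script only assumes that a session started before the user was added to `input` can differ from `getent`. The function names are hypothetical and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not from the thread: model the owner/group/other check for a
# UNIX socket using the credentials the *running process* holds.

# digit_for MODE CLASS -> octal permission digit for owner|group|other
digit_for() {
    m=${1#"${1%???}"}                  # keep last three digits: 0660 -> 660
    case $2 in
        owner) echo "${m%??}" ;;
        group) m=${m#?}; echo "${m%?}" ;;
        *)     echo "${m#??}" ;;
    esac
}

# class_of OWNER_UID GROUP_GID UID "GIDS" -> owner|group|other
class_of() {
    if [ "$3" = "$1" ]; then echo owner; return; fi
    for g in $4; do
        if [ "$g" = "$2" ]; then echo group; return; fi
    done
    echo other
}

# may_connect DIRMODE SOCKMODE OWNER_UID GROUP_GID UID "GIDS"
# connect() needs search (x=1) on the directory and write (2) on the socket.
# Simplification: directory and socket share one owner/group, as in the listing.
may_connect() {
    if [ "$5" = 0 ]; then return 0; fi  # root bypasses mode bits
    c=$(class_of "$3" "$4" "$5" "$6")
    [ $(( $(digit_for "$1" "$c") & 1 )) -eq 1 ] &&
        [ $(( $(digit_for "$2" "$c") & 2 )) -eq 2 ]
}

# diagnose SOCKET: evaluate with the groups this shell holds (id -G), then with
# the groups the account database lists for the same user (id -G NAME).
diagnose() {
    d=$(stat -c %a "$(dirname "$1")") || return 2   # GNU stat assumed
    s=$(stat -c '%a %u %g' "$1") || return 2
    set -- "$d" $s "$(id -u)"
    if may_connect "$@" "$(id -G)"; then
        echo "ok: this process may connect"
    elif may_connect "$@" "$(id -G "$(id -un)")"; then
        echo "denied: group is in the database but not in this session"
    else
        echo "denied: mode/ownership do not grant this user access"
    fi
}

if [ $# -gt 0 ]; then diagnose "$1"; fi
```

Run it as the desktop user with the socket path as its argument, for example `/run/ydotool/ydotoold.sock`.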
adding suid to rpm post-install
%post
...
+ chown ydotool:input /path/to/bin/ydotool
+ chmod +s /path/to/bin/ydotool
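Review bot: `chmod +s` on the client binary sets both setuid and setgid, and the resulting mode shown further down is `-rwsr-sr-x`, so the file stays executable by every local user. Anyone who can run it then reaches the 0660 socket as ydotool:input, which means the group restriction on /run/ydotool no longer limits who can inject input. If a privileged client is kept as a workaround, setgid alone (`chmod g+s`) is enough to match the socket's group, and execute permission for "other" should be removed so only the intended accounts can run it. A short comment in `%post` stating why the bit is needed would also help the next packager.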
so that, with above config,
ls -al /run/ydotool/
total 0
drwxrwx--- 2 ydotool input 60 Mar 2 16:09 ./
drwxr-xr-x 49 root root 1.4K Mar 2 10:42 ../
srw-rw---- 1 ydotool input 0 Mar 2 16:09 ydotoold.sock=
ls -al /path/to/bin/ydotool
-rwsr-sr-x 1 ydotool input 32K Mar 1 19:00 /path/to/bin/ydotool*
does the trick. if only as a workaround ...
Can you share your working branch or code so I can try to reproduce it over here?
fwiw, very WIP for builds @ Fedora,
https://pagure.io/pgnd/ydotool-pgnd/tree/main
seems to behave as built --- with the 'expanded' socket perms, as above.
biggest issue is assigning a 'hotkey' trigger in KDE to ydotool scripts; but that appears to be a KDE problem ...
I tested something similar to what you're trying to do, and it's still working... maybe I missed something?