
unix domain sockets, no way to configure permissions/owner/group

Open jmgurney opened this issue 5 years ago • 2 comments

With the recent unix domain socket, it would be nice to be able to configure the owner, group and permissions of the socket after it is created. Currently, I have a post start script that does this, BUT because of the fact that ipfs daemonizes itself, I have to put a sleep and wait for the socket to appear to make the changes. It'd be nice if there was a way to configure ipfs to set them once it is created.

jmgurney, Jan 31 '20 07:01

If using systemd you can write a service that depends on go-ipfs and will only run once go-ipfs notifies the full start.

For anyone wanting to pick this up, please write a proposal first on how this would affect the config so we can discuss, as I don't think we can currently embed permission/ownership information in the socket multiaddress (?).

hsanjuan, Jan 31 '20 09:01

This feature is essential. It wouldn't even need to be in the socket multiaddress. It could just be an environment variable or a command line argument to daemon. In that case, all sockets would share the same permissions, but that'd be a step in the right direction and deprecated later.

(Context: I'm currently assuming that Kubo's config is JSON, or a JSON-like structure with arrays, dicts, and strings. If this is not true, let me know). Alternatively, the socket multiaddress could just be a different JSON construct, such as an Object. Doing owner and group would have been simple if URLs had been used instead of /ip/etc/etc (but yes I see that syntax was chosen because otherwise a lot of things would have been shoved into the scheme field of the URL).

Environment variable option

IPFS_SOCK_PERM=760 ipfs daemon

JSON combined address object option

{
    "Addresses": {
        "API": {
            "path": "/unix/run/ipfs/ipfs.sock",
            "owner": "ipfs-daemon",
            "group": "ipfs-group",
            "perm": 760
        }
    }
}

The PR which added unix sockets to the client was #6678.

The relevant code is located somewhere around https://github.com/ipfs/kubo/blob/f2c43d5/cmd/ipfs/daemon.go#L648-L687

Higgs1, Sep 30 '23 22:09
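
An added example, not Kubo code and not written by any commenter in this thread: one way a daemon could apply the requested mode and ownership itself at bind time, so no post-start script has to sleep and wait for the socket. `parseSockPerm` and `listenUnixWithPerm` are hypothetical names, and the octal string input follows the `IPFS_SOCK_PERM=760` proposal above, which is not an existing Kubo option.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"strconv"
	"syscall"
)

// parseSockPerm parses an octal mode string such as "760" (the form used in
// the IPFS_SOCK_PERM proposal) and rejects anything beyond the rwx bits.
func parseSockPerm(s string) (os.FileMode, error) {
	v, err := strconv.ParseUint(s, 8, 32)
	if err != nil || v > 0o777 {
		return 0, fmt.Errorf("invalid socket mode %q", s)
	}
	return os.FileMode(v), nil
}

// listenUnixWithPerm (hypothetical helper) binds a Unix socket and applies
// mode and ownership before returning. A uid or gid of -1 leaves it unchanged.
func listenUnixWithPerm(path string, perm os.FileMode, uid, gid int) (net.Listener, error) {
	// Create the socket owner-only so it is never visible with looser
	// permissions than requested. Umask is process-wide: call this during
	// startup, before other goroutines create files.
	old := syscall.Umask(0o177)
	ln, err := net.Listen("unix", path)
	syscall.Umask(old)
	if err != nil {
		return nil, err
	}
	// Change ownership first, then widen the mode, so group access is only
	// granted once the intended group owns the socket.
	if err := os.Chown(path, uid, gid); err != nil {
		ln.Close()
		return nil, err
	}
	if err := os.Chmod(path, perm); err != nil {
		ln.Close()
		return nil, err
	}
	return ln, nil
}

func main() {
	perm, err := parseSockPerm("760")
	fmt.Println(perm, err)
}
```

Changing the owner to another user requires root or CAP_CHOWN; changing only the group works unprivileged when the process is a member of that group.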