ziti-tunnel-sdk-c
ziti-tunnel-sdk-c copied to clipboard
correct permissions before dropping privs
The ZET service fails to start as user "ziti" if the IPC socket dir was previously created by user "root" in a scenario where the binary was run manually before the service was started.
Possible solution: correct owner and mode as root with systemd service unit directive ExecStartPre
. The directive is currently used to run a script that provides features like enrolling with tokens in the configured identity dir. (link to unit template). We could enhance that script to fix perms.