You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by sp...@apache.org on 2021/07/23 00:59:28 UTC
[apisix-go-plugin-runner] branch master updated: fix: the default
socket permission is not enough (#25)
This is an automated email from the ASF dual-hosted git repository.
spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-go-plugin-runner.git
The following commit(s) were added to refs/heads/master by this push:
new 5f0b556 fix: the default socket permission is not enough (#25)
5f0b556 is described below
commit 5f0b556d02c810f7dfdb152e9f6fd0489744ba9f
Author: 罗泽轩 <sp...@gmail.com>
AuthorDate: Fri Jul 23 08:59:20 2021 +0800
fix: the default socket permission is not enough (#25)
---
internal/server/server.go | 7 +++++++
internal/server/server_test.go | 6 +++++-
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/internal/server/server.go b/internal/server/server.go
index c013df0..de1d169 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -223,6 +223,13 @@ func Run() {
}
defer l.Close()
+ // the default socket permission is 0755, which prevents the 'nobody' worker process
+ // from writing to it if the APISIX is run under root.
+ err = os.Chmod(sockAddr, 0766)
+ if err != nil {
+ log.Fatalf("can't change mod for file %s: %s", sockAddr, err)
+ }
+
done := make(chan struct{})
quit := make(chan os.Signal, 1)
signal.Notify(quit, syscall.SIGINT, syscall.SIGTERM)
diff --git a/internal/server/server_test.go b/internal/server/server_test.go
index 0d99cfa..a64743c 100644
--- a/internal/server/server_test.go
+++ b/internal/server/server_test.go
@@ -77,6 +77,10 @@ func TestRun(t *testing.T) {
}()
time.Sleep(100 * time.Millisecond)
+
+ stat, err := os.Stat(path)
+ assert.True(t, stat.Mode().Perm() == 0766)
+
header := make([]byte, 4)
binary.BigEndian.PutUint32(header, uint32(32))
header[0] = 1
@@ -103,6 +107,6 @@ func TestRun(t *testing.T) {
syscall.Kill(syscall.Getpid(), syscall.SIGINT)
time.Sleep(10 * time.Millisecond)
- _, err := os.Stat(path)
+ _, err = os.Stat(path)
assert.True(t, os.IsNotExist(err))
}