
Commit 95e4fec

Merge pull request #2417 from monoidic/api_socket_perms
bots/collectors/api: make socket file permissions configurable
2 parents ba50010 + 0fc3d6c commit 95e4fec

3 files changed

+20
-1
lines changed

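--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -54,6 +54,9 @@
 #### Parsers
 
 #### Experts
+- `intelmq.bots.experts.jinja` (PR#2417 by Mikk Margus Möll):
+- Add optional `socket_perms` and `socket_group` parameters to change
+file permissions on socket file, if it is in use.
 
 #### Outputs
 - `intelmq.bots.outputs.stomp.output` (PR#2408 by Jan Kaliszewski):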

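--- a/docs/user/bots.md
+++ b/docs/user/bots.md
@@ -259,6 +259,14 @@ used. Requires the [tornado](https://pypi.org/project/tornado/) library.
 
 (optional, string) Location of the socket. Defaults to `/tmp/imq_api_default_socket`.
 
+**`socket_perms`**
+
+(optional, octal integer) Unix permissions to grant to the socket file. Default: `600`
+
+**`socket_group`**
+
+(optional, string) Name of group to change group ownership of socket file to.
+
 ---
 
 ### Generic URL Fetcher <div id="intelmq.bots.collectors.http.collector_http" />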

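--- a/intelmq/bots/collectors/api/collector_api.py
+++ b/intelmq/bots/collectors/api/collector_api.py
@@ -8,6 +8,7 @@
 """
 from threading import Thread
 from typing import Optional
+import grp
 import os
 import socket
 
@@ -42,6 +43,8 @@ class APICollectorBot(CollectorBot):
 _is_multithreadable: bool = False
 use_socket = False
 socket_path = '/tmp/imq_api_default_socket'
+socket_perms = '600'
+socket_group = ''
 _server: Optional['HTTPServer'] = None
 _unix_socket: Optional[socket.socket] = None
 _eventLoopThread: Optional[Thread] = None
@@ -56,7 +59,12 @@ def init(self):
 
 if self.use_socket:
 self.server = HTTPServer(app)
-self._unix_socket = bind_unix_socket(self.socket_path)
+self._unix_socket = bind_unix_socket(self.socket_path, mode=int(self.socket_perms, 8))
+if self.socket_group:
+group = grp.getgrnam(self.socket_group)
+gid = group.gr_gid
+os.chown(self.socket_path, -1, gid)
+
 self.server.add_socket(self._unix_socket)
 else:
 self.server = app.listen(self.port)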
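Review bot: In the last hunk, `int(self.socket_perms, 8)` only accepts a string, yet docs/user/bots.md calls the parameter an "octal integer", so a value the configuration loader hands over as a number would raise `TypeError` during `init`. Nothing bounds the parsed value either, and the socket's mode and group look like the only access control on this listener in the visible code, so I would parse and range-check before binding: `mode = int(str(self.socket_perms), 8)` followed by `if mode & ~0o777: raise ValueError('socket_perms must be an octal mode between 000 and 777')`. `grp.getgrnam` raises `KeyError` for an unknown group and `os.chown` can raise `PermissionError`, both after the socket file already exists with its final mode; resolving the gid before `bind_unix_socket` would surface a misconfiguration earlier and with a clearer message. `init` starts and ends outside the hunk.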
