Added a config directive for a Unix socket mask

Added a configuration directive to allow a user to specify the
permissions to be granted to the Unix socket file.  I followed
the format Pieter and Salvatore discusses in issue #85 (
https://github.com/antirez/redis/issues/85).

diff --git a/redis.conf b/redis.conf
index a2e83c6ce101a463ede72f206cc203fcf95f1cd3..18a5dd036ae0f832a168d3691e41a26adf4b4f3d 100644 (file)
--- a/redis.conf
+++ b/redis.conf
@@ -34,6 +34,7 @@ port 6379
 # on a unix socket when not specified.
 #
 # unixsocket /tmp/redis.sock
+# unixsocketperm 755
 
 # Close the connection after a client is idle for N seconds (0 to disable)
 timeout 300

diff --git a/src/anet.c b/src/anet.c
index 692cef1941c05f75b092ebaf8da4f8c864482ba7..9aff4dfa173d94b7dd84e4034a92af591a934c47 100644 (file)
--- a/src/anet.c
+++ b/src/anet.c
@@ -32,6 +32,7 @@
 
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <sys/stat.h>
 #include <sys/un.h>
 #include <netinet/in.h>
 #include <netinet/tcp.h>
@@ -291,7 +292,7 @@ int anetTcpServer(char *err, int port, char *bindaddr)
     return s;
 }
 
-int anetUnixServer(char *err, char *path)
+int anetUnixServer(char *err, char *path, mode_t perm)
 {
     int s;
     struct sockaddr_un sa;
@@ -304,6 +305,8 @@ int anetUnixServer(char *err, char *path)
     strncpy(sa.sun_path,path,sizeof(sa.sun_path)-1);
     if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa)) == ANET_ERR)
         return ANET_ERR;
+    if (perm)
+        chmod(sa.sun_path, perm);
     return s;
 }
 

diff --git a/src/anet.h b/src/anet.h
index 2b2dea456d808541a825e3a4b66add239a5ad592..406c578326ca70b94def7ae7cc40486b6a4ef2d2 100644 (file)
--- a/src/anet.h
+++ b/src/anet.h
@@ -46,7 +46,7 @@ int anetUnixNonBlockConnect(char *err, char *path);
 int anetRead(int fd, char *buf, int count);
 int anetResolve(char *err, char *host, char *ipbuf);
 int anetTcpServer(char *err, int port, char *bindaddr);
-int anetUnixServer(char *err, char *path);
+int anetUnixServer(char *err, char *path, mode_t perm);
 int anetTcpAccept(char *err, int serversock, char *ip, int *port);
 int anetUnixAccept(char *err, int serversock);
 int anetWrite(int fd, char *buf, int count);

diff --git a/src/config.c b/src/config.c
index 31a12ea95e48b941cb54411e46d704adec5a83c0..1c666ddf18abbc67e73dfdaeafb8045569e603aa 100644 (file)
--- a/src/config.c
+++ b/src/config.c
@@ -73,6 +73,11 @@ void loadServerConfig(char *filename) {
             server.bindaddr = zstrdup(argv[1]);
         } else if (!strcasecmp(argv[0],"unixsocket") && argc == 2) {
             server.unixsocket = zstrdup(argv[1]);
+        } else if (!strcasecmp(argv[0],"unixsocketperm") && argc == 2) {
+            server.unixsocketperm = (mode_t)strtol(argv[1], NULL, 8);
+            if (errno || server.unixsocketperm > 0777) {
+                err = "Invalid socket file permissions"; goto loaderr;
+            }
         } else if (!strcasecmp(argv[0],"save") && argc == 3) {
             int seconds = atoi(argv[1]);
             int changes = atoi(argv[2]);

diff --git a/src/redis.c b/src/redis.c
index 568f2fc806bfd23552357c5ca38964a3171c563f..295936df1c964023944f2e87176a4c1cba26ae21 100644 (file)
--- a/src/redis.c
+++ b/src/redis.c
@@ -822,6 +822,7 @@ void initServerConfig() {
     server.port = REDIS_SERVERPORT;
     server.bindaddr = NULL;
     server.unixsocket = NULL;
+    server.unixsocketperm = 0;
     server.ipfd = -1;
     server.sofd = -1;
     server.dbnum = REDIS_DEFAULT_DBNUM;
@@ -935,7 +936,7 @@ void initServer() {
     }
     if (server.unixsocket != NULL) {
         unlink(server.unixsocket); /* don't care if this fails */
-        server.sofd = anetUnixServer(server.neterr,server.unixsocket);
+        server.sofd = anetUnixServer(server.neterr,server.unixsocket,server.unixsocketperm);
         if (server.sofd == ANET_ERR) {
             redisLog(REDIS_WARNING, "Opening socket: %s", server.neterr);
             exit(1);

diff --git a/src/redis.h b/src/redis.h
index 6b33d128f61d4886d65ad8e83736b595ca1f6a42..af08145e6b819ae03cbbf1938d0bb7f099fc8e0f 100644 (file)
--- a/src/redis.h
+++ b/src/redis.h
@@ -515,6 +515,7 @@ struct redisServer {
     int port;
     char *bindaddr;
     char *unixsocket;
+    mode_t unixsocketperm;
     int ipfd;
     int sofd;
     int cfd;