Tmux socket not accessible by members of the Minecraft group

[Infinidoge]

After a relatively recent tmux update, it is no longer sufficient for the tmux socket to have rw permissions granted to the Minecraft group for access.

It seems like this will necessitate figuring out how to generate the relevant server-access command.

This seems to require searching through and finding all of the users of the group, checking if they're a member of the minecraft group, and including them?

Relevant tmux issue: https://github.com/tmux/tmux/issues/3220

I suppose the module could instead be written to take in a list of users to be given the respective access permissions, but that feels weird.

[NotNite]

What's the expected way to connect to the tmux socket, in the meantime? I feel that attaching as root will mess up permissions, and I'm not sure how to attach as the minecraft user.

[Infinidoge]

As of currently, I just attach as root. Attaching doesn't affect permissions itself (though it necessitates having root access to read the console), it just bypasses tmux's permissions check and lets it through, from my understanding.

[baduhai]

Why use a tmux socket over a systemd socket? This is how the server module in nixpkgs works, and it should also take care of user/group permissions.

[Infinidoge]

The reason why I chose a tmux socket was because it allowed the terminal to be directly attached to, as opposed to interacted with via RCON or directly piping text into stdin.

Compared to directly attaching to the console via tmux or similar, both of those solutions are, to me, very inconvenient with how much I actively work from the server console.

[Infinidoge]

There is currently a draft PR open (#41) which would introduce an option to use systemd sockets, if that is something you are interested in.

[gellis12]

Not entirely sure if this'll be useful for your project, but figured I'd chime in and mention that I got tmux working on my system by adding nobody to the server-access acl, and setting PrivateUsers=true in the systemd unit file (which is probably a good idea in any long-running networked application, tbh) This brought it back to the same functionality as previous tmux versions, where you just had to make sure that group rw permissions are set, and then anyone from the minecraft group can interact with the tmux server.

[Infinidoge]

While it is a bit hacky, that would work perfectly! Thanks for letting me know! I'll do some testing with it first just to make sure, then I'll try to push out a fix with it.