feat: add configurable socket permissions

Nukesor / pueue

:stars: Manage your shell commands.

MIT License

4.67k stars 128 forks source link

feat: add configurable socket permissions #544

Open JP-Ellis opened 2 weeks ago

JP-Ellis commented 2 weeks ago

Summary

Have pueue set the permissions of the socket created. Previously, the permissions where unspecified and (at least for me) defaulted to 755. The permissions can be configured through the new unix_socket_permissions setting.

As part of this change, the default settings are moving to 700 which is more restricted than the (possibly system-dependent) previous default. The more restricted permissions should not have any practical impact as users without write permissions would not be able to use the socket, though removing read access to others may possibly improve security.

Checklist

Please make sure the PR adheres to this project's standards:

[x] I included a new entry to the CHANGELOG.md.
[x] I checked cargo clippy and cargo fmt. The CI will fail otherwise anyway.
[ ] (If applicable) I added tests for this feature or adjusted existing tests.
[ ] (If applicable) I checked if anything in the wiki needs to be changed.

JP-Ellis commented 2 weeks ago

A couple of things outstanding for this PR before merging:

I have not added a test yet. You have quite an exhaustive test suite, so I would like you to point me in the right direction as to what tests to add.
There is a test failing when it comes to the backwards compatibility. It wasn't immediately clear to me how this should be resolved.

github-actions[bot] commented 2 weeks ago

Test Results

1 files - 2 6 suites - 16 1s :stopwatch: - 2m 54s 22 tests - 126 22 :white_check_mark: - 126 0 :zzz: ±0 0 :x: ±0 22 runs - 294 22 :white_check_mark: - 294 0 :zzz: ±0 0 :x: ±0

Results for commit fbdfab79. ± Comparison against base commit 30f430f6.

This pull request removes 126 tests.

``` pueue-lib ‑ process_helper::unix::tests::test_normal_command_children_are_killed pueue-lib ‑ process_helper::unix::tests::test_normal_command_is_killed pueue-lib ‑ process_helper::unix::tests::test_shell_command_children_are_killed pueue-lib ‑ process_helper::unix::tests::test_shell_command_is_killed pueue-lib ‑ process_helper::unix::tests::test_shell_command_is_killed_with_signal pueue-lib ‑ process_helper::unix::tests::test_spawn_command pueue-lib::unix_socket ‑ tests::test_unix_socket pueue::tests ‑ client::integration::completions::autocompletion_generation::case_1 pueue::tests ‑ client::integration::completions::autocompletion_generation::case_2 pueue::tests ‑ client::integration::completions::autocompletion_generation::case_3 … ```

Nukesor commented 2 weeks ago

I have a few waiting functions in tests/helpers/wait.rs. Just take one of those and modify them to wait for a file to show up :)

I also edited my original comment to contain a bit more info, but I noticed you already read it before my edit. You're too quick :D

Nukesor commented 2 weeks ago

Also, a new lint popped up due to Rust 1.79. It's already fixed on main :)

Nukesor commented 1 week ago

Do you need any further help :)?

JP-Ellis commented 1 week ago

Just need a bit more time 😆 I've had a busy few days lately, but I should have time by the end of the week to finish it up 👍

Nukesor commented 1 week ago

Don't worry, take your time. Just wanted to check in if you need anything :)