hermanekt / zabbix-fail2ban-discovery-


Persist socket permission changes #5

Closed Omniflux closed 5 years ago

Omniflux commented 5 years ago

The installation instructions cover changing the fail2ban socket permissions for access as a non-root user; however, these changes are lost the next time the socket is created.

To persist on a system where fail2ban is managed by systemd, add the following to the fail2ban service override file

systemctl edit fail2ban

[Service]
ExecStartPost=/bin/sh -c "while ! [ -S /run/fail2ban/fail2ban.sock ]; do sleep 1; done"
ExecStartPost=/bin/chgrp fail2ban /run/fail2ban/fail2ban.sock
ExecStartPost=/bin/chmod g+w /run/fail2ban/fail2ban.sock

hermanekt commented 5 years ago

Hi Omniflux,

I copied and pasted your howto into the README file. Thanks for your fix!

ihor-chaban commented 3 years ago

@Omniflux @hermanekt I guess the issue is not completely resolved. I added these lines to my service configuration and it works when restarting the service manually with systemctl restart fail2ban. BUT after a reboot the socket got recreated and the permissions went back to defaults again.

Did some troubleshooting, but no luck yet.

ihor-chaban commented 3 years ago

I was not able to figure out why it is happening, but it works when I move these commands to a separate script and call it from the systemd unit:

[Service]
ExecStartPost=/usr/bin/bash -c "/lib/systemd/system/fail2ban-fix-socket-permissions.sh"

fail2ban-fix-socket-permissions.sh:

#!/bin/bash
while ! [ -S /run/fail2ban/fail2ban.sock ]; do sleep 1; done
/bin/chgrp fail2ban /run/fail2ban/fail2ban.sock
/bin/chmod g+w /run/fail2ban/fail2ban.sock

Do not forget to run chmod +x /lib/systemd/system/fail2ban-fix-socket-permissions.sh

Works perfectly now.
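
A check for the problem reported in this thread, as an added example that is not part of the issue or the project's README: it waits (with a timeout) for the socket, then verifies the group and mode that the ExecStartPost lines are meant to set, and flags any access for "other". The function names are hypothetical; the socket path and the fail2ban group are taken from the thread, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit the fail2ban socket after the ExecStartPost fix-ups.
# Assumptions: socket path and group "fail2ban" as in the thread; GNU stat.

# Wait up to $2 seconds for $1 to exist as a socket (bounded form of the loop).
wait_for_socket() {
    sock=$1; tries=${2:-10}
    while ! [ -S "$sock" ]; do
        [ "$tries" -le 0 ] && return 1
        tries=$((tries - 1))
        sleep 1
    done
    return 0
}

# Judge a group name and octal mode (e.g. "660") against the expected group.
# Returns 0 (ok), 1 (fix not applied), 2 (too permissive) and prints why.
evaluate_perms() {
    group=$1; mode=$2; want=$3
    perm=$(printf '%04o' "0$mode")        # normalise to 4 octal digits
    g=$(printf '%s' "$perm" | cut -c3)    # group permission digit
    o=$(printf '%s' "$perm" | cut -c4)    # other permission digit
    if [ "$o" != 0 ]; then
        echo "too permissive: 'other' has access (mode $mode)"; return 2
    fi
    if [ "$group" != "$want" ]; then
        echo "not applied: group is $group, expected $want"; return 1
    fi
    case $g in
        2|3|6|7) echo "ok: $want has write access (mode $mode)"; return 0 ;;
        *) echo "not applied: group lacks write (mode $mode)"; return 1 ;;
    esac
}

# Wait for the socket, then read its group and mode and evaluate them.
audit_socket() {
    sock=${1:-/run/fail2ban/fail2ban.sock}; want=${2:-fail2ban}
    wait_for_socket "$sock" 10 || { echo "no socket at $sock"; return 3; }
    # GNU stat: %G = group name, %a = octal mode
    evaluate_perms "$(stat -c %G "$sock")" "$(stat -c %a "$sock")" "$want"
}

# Audit only when a path is given: sh audit.sh /run/fail2ban/fail2ban.sock
if [ "$#" -gt 0 ]; then audit_socket "$@"; fi
```

Running it once after a manual restart and once after a reboot shows whether the permissions survive both cases described above.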