I try to keep the users on my system separate and I do not wish to unnecessarily introduce security risks. Would it be possible to change the daemon to support setup & start on a user-basis? (starting with setting the default path to store as ~/.hyperdrive, chmod: 600)
On the same level this means that the hyperdrive grpc server started needs to keep a port/user and a way to identify the user accessing it.
One way to achieve this would be to put a ~/.hyperdrive/process.json file that keeps the port + secret. By reading it the user process (i.e. dat-desktop) would know which port to connect to and only by providing it, the grpc server could accept requests.
The user on my system does not have sudo permissions, which means that following lines certainly don't work:
https://github.com/andrewosh/hyperdrive-daemon/blob/2aced54a85d3ca19e3c5fe75759d00bacde3b349/bin/setup.js#L48-L54
I try to keep the users on my system separate and I do not wish to unnecessarily introduce security risks. Would it be possible to change the daemon to support setup & start on a user-basis? (starting with setting the default path to store as ~/.hyperdrive, chmod: 600)
It seems like
fuse
devs have thought of this and point it out in the documentation: https://github.com/libfuse/libfuse#security-implicationsOn the same level this means that the hyperdrive grpc server started needs to keep a port/user and a way to identify the user accessing it.
One way to achieve this would be to put a
~/.hyperdrive/process.json
file that keeps theport
+secret
. By reading it the user process(i.e. dat-desktop)
would know which port to connect to and only by providing it, the grpc server could accept requests.