ipfs / kubo

An IPFS implementation in Go
https://docs.ipfs.tech/how-to/command-line-quick-start/

unix domain sockets, no way to configure permissions/owner/group #6857

Open jmgurney opened 4 years ago

jmgurney commented 4 years ago

With the recent unix domain socket, it would be nice to be able to configure the owner, group and permissions of the socket after it is created. Currently, I have a post start script that does this, BUT because of the fact that ipfs daemonizes itself, I have to put a sleep and wait for the socket to appear to make the changes. It'd be nice if there was a way to configure ipfs to set them once it is created.

hsanjuan commented 4 years ago

If using systemd you can write a service that depends on go-ipfs and will only run once go-ipfs notifies the full start.

For anyone wanting to pick this up, please write a proposal first on how this would affect the config so we can discuss, as I don't think we can currently embed permission/ownership information in the socket multiaddress (?).

Higgs1 commented 10 months ago

This feature is essential. It wouldn't even need to be in the socket multiaddress. It could just be an environment variable or a command line argument to daemon. In that case, all sockets would share the same permissions, but that'd be a step in the right direction and deprecated later.

(Context: I'm currently assuming that Kubo's config is JSON, or a JSON-like structure with arrays, dicts, and strings. If this is not true, let me know). Alternatively, the socket multiaddress could just be a different JSON construct, such as an Object. Doing owner and group would have been simple if URLs had been used instead of /ip/etc/etc (but yes I see that syntax was chosen because otherwise a lot of things would have been shoved into the scheme field of the URL).

Environment variable option

IPFS_SOCK_PERM=760 ipfs daemon

JSON combined address object option

{
    "Addresses": {
        "API": {
            "path": "/unix/run/ipfs/ipfs.sock",
            "owner": "ipfs-daemon",
            "group": "ipfs-group",
            "perm": 760
        }
    }
}

The PR which added unix sockets to the client was #6678.

The relevant code is located somewhere around https://github.com/ipfs/kubo/blob/f2c43d5/cmd/ipfs/daemon.go#L648-L687
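As an added illustration (not code from Kubo or from any commenter in this thread), here is one way a daemon could apply owner, group and mode to a unix socket at bind time, which removes the window the post-start script has to sleep through. `ParseSockPerm` and `ListenUnixWithPerm` are hypothetical names, and the `"760"` string stands in for the value of the `IPFS_SOCK_PERM` variable proposed above, which is not an existing Kubo option.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"path/filepath"
	"strconv"
	"syscall"
)

// ParseSockPerm reads a mode such as "760" as octal permission bits.
// A bare JSON number 760 would decode as decimal, so the mode is a string.
func ParseSockPerm(s string) (os.FileMode, error) {
	v, err := strconv.ParseUint(s, 8, 32)
	if err != nil || v > 0777 {
		return 0, fmt.Errorf("invalid socket mode %q", s)
	}
	return os.FileMode(v), nil
}

// ListenUnixWithPerm binds path, then sets owner/group (-1 = unchanged) and mode.
func ListenUnixWithPerm(path string, perm os.FileMode, uid, gid int) (net.Listener, error) {
	// Bind under umask 0177 so the socket starts as 0600 and is never wider
	// than requested. Umask is process-wide: call this during startup only.
	old := syscall.Umask(0177)
	l, err := net.Listen("unix", path)
	syscall.Umask(old)
	if err != nil {
		return nil, err
	}
	// Change ownership first, then widen the mode for the new owner/group.
	if err = os.Chown(path, uid, gid); err == nil {
		err = os.Chmod(path, perm)
	}
	if err != nil {
		l.Close() // closing the listener also unlinks the socket file
		return nil, err
	}
	return l, nil
}

func main() { // constructed demo: socket in a temp dir, ownership unchanged
	dir, _ := os.MkdirTemp("", "sock")
	defer os.RemoveAll(dir)
	perm, _ := ParseSockPerm("760")
	_, err := ListenUnixWithPerm(filepath.Join(dir, "api.sock"), perm, -1, -1)
	fmt.Println("listen error:", err)
}
```

Changing the owner to another user requires privileges the daemon usually lacks, so in practice only the group and mode are set this way, with the socket's parent directory restricted as well.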