Allow setting unix socket mode

Signed-off-by: Marco Rebhan <[email protected]>

Author: 2xsaiko

crates/cli/src/server.rs

@@ -5,9 +5,11 @@
 // Please see LICENSE in the repository root for full details.
 
 use std::{
+    fs,
     future::ready,
     net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr, TcpListener, ToSocketAddrs},
     os::unix::net::UnixListener,
+    os::unix::fs::PermissionsExt,
 };
 
 use anyhow::Context;
@@ -329,8 +331,16 @@ pub fn build_listeners(
                 listener.try_into()?
             }
 
-            HttpBindConfig::Unix { socket } => {
+            HttpBindConfig::Unix { socket, mode } => {
                 let listener = UnixListener::bind(socket).context("could not bind socket")?;
+
+                if let Some(mode) = mode {
+                    let mut permissions = fs::metadata(socket).context("could not read socket metadata")?.permissions();
+                    let mode = u32::from_str_radix(mode, 8).with_context(|| format!("could not parse mode: {}", mode))?;
+                    permissions.set_mode(mode);
+                    fs::set_permissions(socket, permissions).context("could not set socket permissions")?;
+                }
+
                 listener.try_into()?
             }
 

crates/config/src/sections/http.rs

@@ -124,6 +124,9 @@ pub enum BindConfig {
         /// Path to the socket
         #[schemars(with = "String")]
         socket: Utf8PathBuf,
+        
+        /// Socket file mode
+        mode: Option<String>,
     },
 
     /// Accept connections on file descriptors passed by the parent process.

docs/reference/configuration.md

@@ -58,6 +58,7 @@ http:
 
         # Third option: listen on the given UNIX socket
         - socket: /tmp/mas.sock
+          mode: "660" # optional
 
         # Fourth option: grab an already open file descriptor given by the parent process
         # This is useful when using systemd socket activation