Allows using unix-bind settings in the config file for both stats and master sockets; this will save some double painful config when you can rely on the global unix-bind. Local settings will still overload the default global.
Signed-off-by: William Dauchy <[email protected]> --- doc/configuration.txt | 1 + doc/management.txt | 1 + src/cli.c | 8 ++++++++ 3 files changed, 10 insertions(+) diff --git a/doc/configuration.txt b/doc/configuration.txt index d0bb9741..c3aedb9e 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -1293,6 +1293,7 @@ stats socket [<address:port>|<path>] [param*] All parameters supported by "bind" lines are supported, for instance to restrict access to some users or their access rights. Please consult section 5.1 for more information. + "unix-bind" settings have also an effect on this socket settings. stats timeout <timeout, in milliseconds> The default timeout on the stats socket is set to 10 seconds. It is possible diff --git a/doc/management.txt b/doc/management.txt index 973b6f3a..2c48db1f 100644 --- a/doc/management.txt +++ b/doc/management.txt @@ -283,6 +283,7 @@ list of options is : For security reasons, it is recommended to bind the master CLI to a local UNIX socket. The bind options are the same as the keyword "bind" in the configuration file with words separated by commas instead of spaces. + "unix-bind" settings have also an effect on this socket settings. Note that this socket can't be used to retrieve the listening sockets from an old process during a seamless reload. diff --git a/src/cli.c b/src/cli.c index ba48d147..07a74067 100644 --- a/src/cli.c +++ b/src/cli.c 
@@ -256,6 +256,10 @@ static int stats_parse_global(char **args, int section_type, struct proxy *curpx bind_conf = bind_conf_alloc(global.stats_fe, file, line, args[2], xprt_get(XPRT_RAW)); bind_conf->level &= ~ACCESS_LVL_MASK; bind_conf->level |= ACCESS_LVL_OPER; /* default access level */ + /* use default settings for unix sockets */ + bind_conf->ux.uid = global.unix_bind.ux.uid; + bind_conf->ux.gid = global.unix_bind.ux.gid; + bind_conf->ux.mode = global.unix_bind.ux.mode; if (!str2listener(args[2], global.stats_fe, bind_conf, file, line, err)) { memprintf(err, "parsing [%s:%d] : '%s %s' : %s\n", @@ -2547,6 +2551,10 @@ int mworker_cli_proxy_new_listener(char *line) bind_conf->level &= ~ACCESS_LVL_MASK; bind_conf->level |= ACCESS_LVL_ADMIN; + /* use default settings for unix sockets */ + bind_conf->ux.uid = global.unix_bind.ux.uid; + bind_conf->ux.gid = global.unix_bind.ux.gid; + bind_conf->ux.mode = global.unix_bind.ux.mode; if (!str2listener(args[0], mworker_proxy, bind_conf, "master-socket", 0, &err)) { ha_alert("Cannot create the listener of the master CLI\n"); -- 2.24.1
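Review bot: the sentence added under "stats socket" in doc/configuration.txt does not say which settings are inherited or which side wins, and "have also an effect on this socket settings" is hard to parse. The src/cli.c hunks copy only uid, gid and mode, and the commit message says local settings still take precedence, so I would spell that out, for example: The "unix-bind" settings of the global section (uid, gid, mode) are used as defaults for this socket; parameters given on this line take precedence.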
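Review bot: in doc/management.txt the new sentence lands in the paragraph that starts "For security reasons, it is recommended to bind the master CLI to a local UNIX socket", but it gives the operator no hint that a global "unix-bind" mode, uid or gid chosen for ordinary listeners now also becomes the default for the master socket. Please state that explicitly here, along with how to override it in the comma-separated bind options, so that an existing permissive global setting does not silently change who can reach the master CLI after an upgrade.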
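Review bot: in the stats_parse_global() hunk the three assignments read global.unix_bind at the moment the "stats socket" line is parsed, so the result appears to depend on keyword order: a "unix-bind" line that comes after "stats socket" in the global section would not be reflected in bind_conf->ux. Either document that "unix-bind" must precede "stats socket", or apply the defaults once the whole global section is known. The copy is also unconditional although the keyword accepts <address:port> as well as <path>; the comment "use default settings for unix sockets" could say that the values are simply unused for non-UNIX addresses.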
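Review bot: in the mworker_cli_proxy_new_listener() hunk the listener is given ACCESS_LVL_ADMIN and then inherits global.unix_bind.ux.mode, uid and gid, so the admin-level master socket takes on whatever permissions were set globally unless they are overridden; I would like a comment or a warning path here that makes this inheritance visible. Nothing in the hunk shows whether the global section has already been parsed when this function runs, so please confirm that global.unix_bind is populated at that point and is not still at its initial values. The same three assignments are now duplicated in two functions; a small helper taking bind_conf would keep them in sync if another ux field is added later.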

