Hi William,

On Thu, Jan 09, 2020 at 12:26:06AM +0100, William Dauchy wrote:
> allows to use unix-bind settings in config file for both stats and master
> sockets; this will save some double painful config when you can rely on
> the global unix-bind.
> Local settings will still overload the default global.

I had a look at how this currently works and am embarrassed by both the
patch and the way things currently work. Indeed, the patch only makes
use of the mode, uid and gid from the unix-bind statement and silently
ignores the path. It would be tempting to decide that since it's a unix
socket we should enfore all of unix-bind settings to the stats socket,
but then the problem caused by unix-bind is that the path component is
a mandatory prefix that is prepended before all socket paths. So if we
enforce the path we'll break all configs already using unix-bind.

I tend to think that at some point we could decide to purposely break
some of this stuff so that the stats socket is not special at all, but
I fear that some configs could not be expressed anymore due to this,
and typically users will place the stats socket into a location outside
of the chroot so that it cannot be accessed by accident by the process.
That's even more true for the master socket where the path is specified
on the command line, regardless of any global setting.

So maybe in the end your approach is the most reasonable one. However
in this case we should explicitly state in the doc what settings from
the unix-bind directive are reused by the stats/master socket, because
to be transparent, I wasn't aware of the other ones beyond "prefix" and
that's the first thing I tried and was surprized not to see it work as
I imagined it would.

What do you think ?

thanks,
Willy

Reply via email to