Skip to content

Commit

Permalink
Merge pull request #2417 from monoidic/api_socket_perms
Browse files Browse the repository at this point in the history
bots/collectors/api: make socket file permissions configurable
  • Loading branch information
sebix authored Nov 21, 2023
2 parents ba50010 + 0fc3d6c commit 95e4fec
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 1 deletion.
3 changes: 3 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,9 @@
#### Parsers

#### Experts
- `intelmq.bots.experts.jinja` (PR#2417 by Mikk Margus Möll):
- Add optional `socket_perms` and `socket_group` parameters to change
file permissions on socket file, if it is in use.

#### Outputs
- `intelmq.bots.outputs.stomp.output` (PR#2408 by Jan Kaliszewski):
Expand Down
8 changes: 8 additions & 0 deletions docs/user/bots.md
Original file line number Diff line number Diff line change
Expand Up @@ -259,6 +259,14 @@ used. Requires the [tornado](https://pypi.org/project/tornado/) library.

(optional, string) Location of the socket. Defaults to `/tmp/imq_api_default_socket`.

**`socket_perms`**

(optional, octal integer) Unix permissions to grant to the socket file. Default: `600`

**`socket_group`**

(optional, string) Name of group to change group ownership of socket file to.

---

### Generic URL Fetcher <div id="intelmq.bots.collectors.http.collector_http" />
Expand Down
10 changes: 9 additions & 1 deletion intelmq/bots/collectors/api/collector_api.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
"""
from threading import Thread
from typing import Optional
import grp
import os
import socket

Expand Down Expand Up @@ -42,6 +43,8 @@ class APICollectorBot(CollectorBot):
_is_multithreadable: bool = False
use_socket = False
socket_path = '/tmp/imq_api_default_socket'
socket_perms = '600'
socket_group = ''
_server: Optional['HTTPServer'] = None
_unix_socket: Optional[socket.socket] = None
_eventLoopThread: Optional[Thread] = None
Expand All @@ -56,7 +59,12 @@ def init(self):

if self.use_socket:
self.server = HTTPServer(app)
self._unix_socket = bind_unix_socket(self.socket_path)
self._unix_socket = bind_unix_socket(self.socket_path, mode=int(self.socket_perms, 8))
if self.socket_group:
group = grp.getgrnam(self.socket_group)
gid = group.gr_gid
os.chown(self.socket_path, -1, gid)

self.server.add_socket(self._unix_socket)
else:
self.server = app.listen(self.port)
Expand Down

0 comments on commit 95e4fec

Please sign in to comment.