|
@@ -309,7 +309,7 @@ func (server *Server) checkBans(ipaddr net.IP) (banned bool, message string) {
|
309
|
309
|
//
|
310
|
310
|
|
311
|
311
|
// createListener starts a given listener.
|
312
|
|
-func (server *Server) createListener(addr string, tlsConfig *tls.Config) (*ListenerWrapper, error) {
|
|
312
|
+func (server *Server) createListener(addr string, tlsConfig *tls.Config, bindMode os.FileMode) (*ListenerWrapper, error) {
|
313
|
313
|
// make listener
|
314
|
314
|
var listener net.Listener
|
315
|
315
|
var err error
|
|
@@ -318,6 +318,9 @@ func (server *Server) createListener(addr string, tlsConfig *tls.Config) (*Liste
|
318
|
318
|
// https://stackoverflow.com/a/34881585
|
319
|
319
|
os.Remove(addr)
|
320
|
320
|
listener, err = net.Listen("unix", addr)
|
|
321
|
+ if err == nil && bindMode != 0 {
|
|
322
|
+ os.Chmod(addr, bindMode)
|
|
323
|
+ }
|
321
|
324
|
} else {
|
322
|
325
|
listener, err = net.Listen("tcp", addr)
|
323
|
326
|
}
|
|
@@ -1033,7 +1036,7 @@ func (server *Server) setupListeners(config *Config) (err error) {
|
1033
|
1036
|
if !exists {
|
1034
|
1037
|
// make new listener
|
1035
|
1038
|
tlsConfig := tlsListeners[newaddr]
|
1036
|
|
- listener, listenerErr := server.createListener(newaddr, tlsConfig)
|
|
1039
|
+ listener, listenerErr := server.createListener(newaddr, tlsConfig, config.Server.UnixBindMode)
|
1037
|
1040
|
if listenerErr != nil {
|
1038
|
1041
|
server.logger.Error("rehash", "couldn't listen on", newaddr, listenerErr.Error())
|
1039
|
1042
|
err = listenerErr
|