Is your feature request related to a problem? Please describe.
I have Tinyauth running under a different user than Caddy. With the default configuration, Tinyauth owns its socket and gives it 755 permissions. Caddy cannot use it because it can only read, not write.
Describe the solution you'd like
- Something like a VAR/flag TINYAUTH_SERVER_SOCKETPERMISSION=777 (or at least 775)
- or maybe another solution to give Caddy r/w access
Describe alternatives you've considered
- chmod the socket manually on every restart, which is not practicable in production
- run Tinyauth under the Caddy user or vice versa, which is insecure: I do not want the webserver to be able to read all the sensitive Tinyauth configuration
- even if I do it in reverse, adding Caddy to the Tinyauth group, Caddy still has only read access
- an auxiliary group (with caddy and tinyauth as members) is useless as well because the permissions for groups are read-only
Additional context
I consider a Unix socket with permissions 777 residing in a restricted folder more secure than using a TCP socket without TLS encryption, to which everyone on the network can potentially listen.
I'd be happy if you could consider this enhancement.
Have a good day,
Magnus.
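A sketch of the requested setting in Go, added here as an illustration and not taken from Tinyauth's code: the listener binds the socket, then sets an explicit mode so a proxy in a shared group gets the write bit that connecting to a Unix socket requires. Assumptions: `parseSocketMode` and `listenUnixSocket` are hypothetical names, the socket's group is one that both services belong to, and this sketch chooses to refuse modes with "other" bits set, so the shared group rather than the folder is the access grant.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"path/filepath"
	"strconv"
)

// parseSocketMode parses an octal string such as "660" and refuses any mode
// that sets "other" bits (a choice made by this example, not by Tinyauth).
func parseSocketMode(s string) (os.FileMode, error) {
	v, err := strconv.ParseUint(s, 8, 32)
	if err != nil || v > 0o777 || v&0o007 != 0 {
		return 0, fmt.Errorf("socket mode %q invalid or open to other users", s)
	}
	return os.FileMode(v), nil
}

// listenUnixSocket binds path, then sets the mode explicitly so the result
// does not depend on the process umask.
func listenUnixSocket(path string, mode os.FileMode) (net.Listener, error) {
	// The parent directory is the outer boundary: owner and group only.
	if err := os.MkdirAll(filepath.Dir(path), 0o750); err != nil {
		return nil, err
	}
	// Clear a stale socket from a previous run; never remove a regular file.
	if fi, err := os.Lstat(path); err == nil && fi.Mode()&os.ModeSocket != 0 {
		os.Remove(path)
	}
	ln, err := net.Listen("unix", path)
	if err != nil {
		return nil, err
	}
	if err := os.Chmod(path, mode); err != nil {
		ln.Close()
		return nil, err
	}
	return ln, nil
}

func main() {
	mode, _ := parseSocketMode("660") // stand-in for the setting requested above
	ln, err := listenUnixSocket(filepath.Join(os.TempDir(), "tinyauth-demo", "tinyauth.sock"), mode)
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	fmt.Println("listening on", ln.Addr(), "mode", mode)
}
```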