Skip to content

Commit d58ec66

Browse files
committed
FIX Restrict socket permissions and manage ACLs if needed
1 parent ed6e82a commit d58ec66

File tree

2 files changed

+3
-2
lines changed

2 files changed

+3
-2
lines changed

docs/en/latest/how-it-works.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -64,7 +64,7 @@ Note: If you see some error logs like
6464
phase_func(): failed to connect to the unix socket unix:/tmp/runner.sock: permission denied
6565
```
6666

67-
in the `error.log` of APISIX, you can change the permissions of this file for debug, execute commands like
67+
in the `error.log` of APISIX, ensure the APISIX user is provided rights on the socket.
6868

6969
```shell
7070
chmod 766 /tmp/runner.sock

runner-core/src/main/java/org/apache/apisix/plugin/runner/server/ApplicationRunner.java

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,7 @@
3232
import org.springframework.beans.factory.annotation.Value;
3333
import org.springframework.boot.CommandLineRunner;
3434
import org.springframework.stereotype.Component;
35+
3536
import com.google.common.cache.Cache;
3637
import io.netty.bootstrap.ServerBootstrap;
3738
import io.netty.channel.ChannelFuture;
@@ -114,7 +115,7 @@ public void start(String path) throws Exception {
114115
try {
115116
initServerBootstrap(bootstrap);
116117
ChannelFuture future = bootstrap.bind(new DomainSocketAddress(path)).sync();
117-
Runtime.getRuntime().exec("chmod 777 " + socketFile);
118+
Runtime.getRuntime().exec("chmod 700 " + socketFile);
118119
logger.warn("java runner is listening on the socket file: {}", socketFile);
119120

120121
future.channel().closeFuture().sync();

0 commit comments

Comments
 (0)