dotnet/aspnetcore

allow setting permissions on unix sockets

Open

#17,706 建立於 2019年12月9日

在 GitHub 查看
 (10 留言) (3 反應) (0 負責人)C# (10,653 fork)batch import
affected-very-fewarea-networkingenhancementfeature-kestrelgood first issuehelp wantedseverity-nice-to-have

倉庫指標

Star
 (37,933 star)
PR 合併指標
 (平均合併 16天 9小時) (30 天內合併 258 個 PR)

描述

Hello, It would be useful to allow setting permissions on unix sockets. There was a recommendation somewhere to run kestrel as same user as www server, but that is not always a good thing to do. For example my security model assumes there are many apps behind my reverse proxy and they do not need access to other apps, and the server also does not need access to directories and files of these apps, just to the socket. Of course one solution to the problem is containerization, but I don't think it is/should be the only solution. Plain user isolation also should work relatively straightforward.

貢獻者指南