Consider the ssh command:
sudo ssh -L /my/local/sock:/var/remote_socket me@remote
This runs as root, so the created local unix domain socket has ownership root and 0600 permissions.
How do I tell ssh to create the socket with wider permissions?
Use the StreamLocalBindMask option:
StreamLocalBindMask Sets the octal file creation mode mask (umask) used when creating a Unix-domain socket file for local or remote port forwarding. This option is only used for port forwarding to a Unix-domain socket file. The default value is 0177, which creates a Unix-domain socket file that is readable and writable only by the owner. Note that not all operating systems honor the file mode on Unix-domain socket files.
For a socket open to any user:
sudo ssh -o StreamLocalBindMask=0111 -L /my/local/sock:/var/remote_socket me@remote
(or just =0).
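How the mask values above translate into socket file modes, as an added example that is not part of the original answer: it binds a throwaway Unix-domain socket under each umask and reads back the permission bits. It assumes Linux behaviour (mode is 0777 with the mask bits cleared), and the group-only mask 0117 is an extra value included here for comparison.

```python
import os
import socket
import stat
import tempfile

# Masks to compare: ssh's default, the two from the answer, and a
# group-only mask (0117) added here as an assumption for comparison.
MASKS = (0o177, 0o111, 0o000, 0o117)


def socket_mode_under_mask(mask: int) -> int:
    """Bind a Unix-domain socket under umask `mask`; return its permission bits."""
    workdir = tempfile.mkdtemp()          # created before the umask change (0700)
    path = os.path.join(workdir, "sock")
    old = os.umask(mask)                  # apply the mask as the process umask
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.bind(path)                  # the kernel creates the socket file here
            return stat.S_IMODE(os.lstat(path).st_mode)
    finally:
        os.umask(old)                     # always restore the process umask
        if os.path.exists(path):
            os.unlink(path)
        os.rmdir(workdir)


def who_can_connect(mode: int) -> str:
    """Connecting to a socket needs write permission on the socket file."""
    if mode & stat.S_IWOTH:
        return "any local user"
    if mode & stat.S_IWGRP:
        return "owner and group"
    return "owner only"


if __name__ == "__main__":
    for mask in MASKS:
        mode = socket_mode_under_mask(mask)
        print(f"mask {mask:04o} -> mode {mode:04o} ({who_can_connect(mode)})")
```

With a group-only mask the socket's group still has to be set separately (for example with chgrp on the socket file), since the forward is created by root.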