3 лет назад · bf8077626e
--- a/cmd/serve.go
+++ b/cmd/serve.go
@@ -5,8 +5,8 @@ package cmd
 
				 import (
			
 
				 	"errors"
			
 
				 	"fmt"
			
 
				-	"io/fs"
			
 
				 	"heckel.io/ntfy/log"
			
 
				+	"io/fs"
			
 
				 	"math"
			
 
				 	"net"
			
 
				 	"os"
			
@@ -36,7 +36,7 @@ var flagsServe = append(
 
				 	altsrc.NewStringFlag(&cli.StringFlag{Name: "listen-http", Aliases: []string{"listen_http", "l"}, EnvVars: []string{"NTFY_LISTEN_HTTP"}, Value: server.DefaultListenHTTP, Usage: "ip:port used to as HTTP listen address"}),
			
 
				 	altsrc.NewStringFlag(&cli.StringFlag{Name: "listen-https", Aliases: []string{"listen_https", "L"}, EnvVars: []string{"NTFY_LISTEN_HTTPS"}, Usage: "ip:port used to as HTTPS listen address"}),
			
 
				 	altsrc.NewStringFlag(&cli.StringFlag{Name: "listen-unix", Aliases: []string{"listen_unix", "U"}, EnvVars: []string{"NTFY_LISTEN_UNIX"}, Usage: "listen on unix socket path"}),
			
 
				-	altsrc.NewIntFlag(&cli.IntFlag{Name: "listen-unix-mode", Aliases: []string{"listen_unix_mode"}, EnvVars: []string{"NTFY_LISTEN_UNIX_MODE"}, Value: server.DefaultListenUnixMode, Usage: "file mode of unix socket"}),
			
 
				+	altsrc.NewIntFlag(&cli.IntFlag{Name: "listen-unix-mode", Aliases: []string{"listen_unix_mode"}, EnvVars: []string{"NTFY_LISTEN_UNIX_MODE"}, DefaultText: "system default", Usage: "file permissions of unix socket, e.g. 0700"}),
			
 
				 	altsrc.NewStringFlag(&cli.StringFlag{Name: "key-file", Aliases: []string{"key_file", "K"}, EnvVars: []string{"NTFY_KEY_FILE"}, Usage: "private key file, if listen-https is set"}),
			
 
				 	altsrc.NewStringFlag(&cli.StringFlag{Name: "cert-file", Aliases: []string{"cert_file", "E"}, EnvVars: []string{"NTFY_CERT_FILE"}, Usage: "certificate file, if listen-https is set"}),
			
 
				 	altsrc.NewStringFlag(&cli.StringFlag{Name: "firebase-key-file", Aliases: []string{"firebase_key_file", "F"}, EnvVars: []string{"NTFY_FIREBASE_KEY_FILE"}, Usage: "Firebase credentials file; if set additionally publish to FCM topic"}),
			
--- a/docs/releases.md
+++ b/docs/releases.md
@@ -31,6 +31,7 @@ Thank you to [@wunter8](https://github.com/wunter8) for proactively picking up s
 
				 **Features:**
			
 
				 
			
 
				 * Subscription display name for the web app ([#348](https://github.com/binwiederhier/ntfy/pull/348))
			
 
				+* Allow setting socket permissions via `--listen-unix-mode` ([#356](https://github.com/binwiederhier/ntfy/pull/356), thanks to [@koro666](https://github.com/koro666))
			
 
				 
			
 
				 **Bugs:**
			
 
				 
			
--- a/server/config.go
+++ b/server/config.go
@@ -8,7 +8,6 @@ import (
 
				 // Defines default config settings (excluding limits, see below)
			
 
				 const (
			
 
				 	DefaultListenHTTP                           = ":80"
			
 
				-	DefaultListenUnixMode                       = 0777
			
 
				 	DefaultCacheDuration                        = 12 * time.Hour
			
 
				 	DefaultKeepaliveInterval                    = 45 * time.Second // Not too frequently to save battery (Android read timeout used to be 77s!)
			
 
				 	DefaultManagerInterval                      = time.Minute
			
@@ -108,7 +107,7 @@ func NewConfig() *Config {
 
				 		ListenHTTP:                           DefaultListenHTTP,
			
 
				 		ListenHTTPS:                          "",
			
 
				 		ListenUnix:                           "",
			
 
				-		ListenUnixMode:                       DefaultListenUnixMode,
			
 
				+		ListenUnixMode:                       0,
			
 
				 		KeyFile:                              "",
			
 
				 		CertFile:                             "",
			
 
				 		FirebaseKeyFile:                      "",
			
--- a/server/server.go
+++ b/server/server.go
@@ -174,7 +174,7 @@ func (s *Server) Run() error {
 
				 		listenStr += fmt.Sprintf(" %s[https]", s.config.ListenHTTPS)
			
 
				 	}
			
 
				 	if s.config.ListenUnix != "" {
			
 
				-		listenStr += fmt.Sprintf(" %s[unix/%04o]", s.config.ListenUnix, s.config.ListenUnixMode)
			
 
				+		listenStr += fmt.Sprintf(" %s[unix]", s.config.ListenUnix)
			
 
				 	}
			
 
				 	if s.config.SMTPServerListen != "" {
			
 
				 		listenStr += fmt.Sprintf(" %s[smtp]", s.config.SMTPServerListen)
			
@@ -204,13 +204,17 @@ func (s *Server) Run() error {
 
				 			os.Remove(s.config.ListenUnix)
			
 
				 			s.unixListener, err = net.Listen("unix", s.config.ListenUnix)
			
 
				 			if err != nil {
			
 
				+				s.mu.Unlock()
			
 
				 				errChan <- err
			
 
				 				return
			
 
				 			}
			
 
				-			if err := os.Chmod(s.config.ListenUnix, s.config.ListenUnixMode); err != nil {
			
 
				-				s.unixListener.Close()
			
 
				-				errChan <- err
			
 
				-				return
			
 
				+			defer s.unixListener.Close()
			
 
				+			if s.config.ListenUnixMode > 0 {
			
 
				+				if err := os.Chmod(s.config.ListenUnix, s.config.ListenUnixMode); err != nil {
			
 
				+					s.mu.Unlock()
			
 
				+					errChan <- err
			
 
				+					return
			
 
				+				}
			
 
				 			}
			
 
				 			s.mu.Unlock()
			
 
				 			httpServer := &http.Server{Handler: mux}