api: allow custom unix bind mode and use 0o220 for admin server

4 files changed, 8 insertions, 4 deletions

diff --git a/src/api/admin/api_server.rs b/src/api/admin/api_server.rs
index 43497bad..6f1e44e5 100644
--- a/src/api/admin/api_server.rs
+++ b/src/api/admin/api_server.rs
@@ -66,7 +66,7 @@ impl AdminApiServer {
 	) -> Result<(), GarageError> {
 		let region = self.garage.config.s3_api.s3_region.clone();
 		ApiServer::new(region, self)
-			.run_server(bind_addr, shutdown_signal)
+			.run_server(bind_addr, Some(0o220), shutdown_signal)
 			.await
 	}
 
diff --git a/src/api/generic_server.rs b/src/api/generic_server.rs
index 42c65ab7..fa346f48 100644
--- a/src/api/generic_server.rs
+++ b/src/api/generic_server.rs
@@ -98,6 +98,7 @@ impl<A: ApiHandler> ApiServer<A> {
 	pub async fn run_server(
 		self: Arc<Self>,
 		bind_addr: UnixOrTCPSocketAddress,
+		unix_bind_addr_mode: Option<u32>,
 		shutdown_signal: impl Future<Output = ()>,
 	) -> Result<(), GarageError> {
 		let tcp_service = make_service_fn(|conn: &AddrStream| {
@@ -146,7 +147,10 @@ impl<A: ApiHandler> ApiServer<A> {
 
 				let bound = Server::bind_unix(path)?;
 
-				fs::set_permissions(path, Permissions::from_mode(0o222))?;
+				fs::set_permissions(
+					path,
+					Permissions::from_mode(unix_bind_addr_mode.unwrap_or(0o222)),
+				)?;
 
 				bound
 					.serve(unix_service)
diff --git a/src/api/k2v/api_server.rs b/src/api/k2v/api_server.rs
index 413fd61c..3a032aba 100644
--- a/src/api/k2v/api_server.rs
+++ b/src/api/k2v/api_server.rs
@@ -42,7 +42,7 @@ impl K2VApiServer {
 		shutdown_signal: impl Future<Output = ()>,
 	) -> Result<(), GarageError> {
 		ApiServer::new(s3_region, K2VApiServer { garage })
-			.run_server(bind_addr, shutdown_signal)
+			.run_server(bind_addr, None, shutdown_signal)
 			.await
 	}
 }
diff --git a/src/api/s3/api_server.rs b/src/api/s3/api_server.rs
index cc2091b8..ecfb48b6 100644
--- a/src/api/s3/api_server.rs
+++ b/src/api/s3/api_server.rs
@@ -49,7 +49,7 @@ impl S3ApiServer {
 		shutdown_signal: impl Future<Output = ()>,
 	) -> Result<(), GarageError> {
 		ApiServer::new(s3_region, S3ApiServer { garage })
-			.run_server(addr, shutdown_signal)
+			.run_server(addr, None, shutdown_signal)
 			.await
 	}