diff --git a/gui/default/syncthing/core/syncthingController.js b/gui/default/syncthing/core/syncthingController.js
index 86dadf7aa..2a0310684 100755
--- a/gui/default/syncthing/core/syncthingController.js
+++ b/gui/default/syncthing/core/syncthingController.js
@@ -2491,4 +2491,11 @@ angular.module('syncthing.core')
$scope.config.options.crashReportingEnabled = enabled;
$scope.saveConfig();
};
+
+ $scope.isUnixAddress = function (address) {
+ return address != null &&
+ (address.startsWith('/') ||
+ address.startsWith('unix://') ||
+ address.startsWith('unixs://'));
+ }
});
diff --git a/gui/default/syncthing/settings/settingsModalView.html b/gui/default/syncthing/settings/settingsModalView.html
index 7257d5430..fe1836255 100644
--- a/gui/default/syncthing/settings/settingsModalView.html
+++ b/gui/default/syncthing/settings/settingsModalView.html
@@ -172,6 +172,13 @@
diff --git a/lib/api/api.go b/lib/api/api.go
index e8d07f431..2e1d83bc3 100644
--- a/lib/api/api.go
+++ b/lib/api/api.go
@@ -187,6 +187,15 @@ func (s *service) getListener(guiCfg config.GUIConfiguration) (net.Listener, err
return nil, err
}
+ if guiCfg.Network() == "unix" && guiCfg.UnixSocketPermissions() != 0 {
+ // We should error if this fails under the assumption that these permissions are
+ // required for operation.
+ err = os.Chmod(guiCfg.Address(), guiCfg.UnixSocketPermissions())
+ if err != nil {
+ return nil, err
+ }
+ }
+
listener := &tlsutil.DowngradingListener{
Listener: rawListener,
TLSConfig: tlsCfg,
diff --git a/lib/config/guiconfiguration.go b/lib/config/guiconfiguration.go
index fb646721a..2ae7497cd 100644
--- a/lib/config/guiconfiguration.go
+++ b/lib/config/guiconfiguration.go
@@ -9,12 +9,14 @@ package config
import (
"net/url"
"os"
+ "strconv"
"strings"
)
type GUIConfiguration struct {
Enabled bool `xml:"enabled,attr" json:"enabled" default:"true"`
RawAddress string `xml:"address" json:"address" default:"127.0.0.1:8384"`
+ RawUnixSocketPermissions string `xml:"unixSocketPermissions,omitempty" json:"unixSocketPermissions"`
User string `xml:"user,omitempty" json:"user"`
Password string `xml:"password,omitempty" json:"password"`
AuthMode AuthMode `xml:"authMode,omitempty" json:"authMode"`
@@ -59,6 +61,15 @@ func (c GUIConfiguration) Address() string {
return c.RawAddress
}
+func (c GUIConfiguration) UnixSocketPermissions() os.FileMode {
+ perm, err := strconv.ParseUint(c.RawUnixSocketPermissions, 8, 32)
+ if err != nil {
+ // ignore incorrectly formatted permissions
+ return 0
+ }
+ return os.FileMode(perm) & os.ModePerm
+}
+
func (c GUIConfiguration) Network() string {
if override := os.Getenv("STGUIADDRESS"); strings.Contains(override, "/") {
url, err := url.Parse(override)