From 65ac73414fadc4686c94803a93ff319e8f7ce9d1 Mon Sep 17 00:00:00 2001
From: Oleg Lobanov <oleg@lobanov.me>
Date: Fri, 11 Sep 2020 15:59:06 +0200
Subject: [PATCH] feat: add --socket-perm flag to control unix socket file
 permissions (closes #1060)

---
 cmd/root.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/cmd/root.go b/cmd/root.go
index 83ef240e7c..5312d9d213 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -58,6 +58,7 @@ func addServerFlags(flags *pflag.FlagSet) {
 	flags.StringP("key", "k", "", "tls key")
 	flags.StringP("root", "r", ".", "root to prepend to relative paths")
 	flags.String("socket", "", "socket to listen to (cannot be used with address, port, cert nor key flags)")
+	flags.Uint32("socket-perm", 0666, "unix socket file permissions")
 	flags.StringP("baseurl", "b", "", "base url")
 	flags.String("cache-dir", "", "file cache directory (disabled if empty)")
 	flags.Int("img-processors", 4, "image processors count")
@@ -143,6 +144,10 @@ user created with the credentials from options "username" and "password".`,
 		case server.Socket != "":
 			listener, err = net.Listen("unix", server.Socket)
 			checkErr(err)
+			socketPerm, err := cmd.Flags().GetUint32("socket-perm")
+			checkErr(err)
+			err = os.Chmod(server.Socket, os.FileMode(socketPerm))
+			checkErr(err)
 		case server.TLSKey != "" && server.TLSCert != "":
 			cer, err := tls.LoadX509KeyPair(server.TLSCert, server.TLSKey) //nolint:shadow
 			checkErr(err)