Base: Make anon's helper services run with 600 socket permissions

Some of these were using 660 permissions which meant that other users in the "users" group could connect to anon's service processes. Let's tighten things up by not allowing that. :^)
2025-07-27 09:37:34 +00:00 · 2021-06-06 18:03:57 +02:00 · 2021-06-06 18:03:57 +02:00 · b968d44375
commit b968d44375
parent 4c47b3951d
1 changed files with 7 additions and 7 deletions
--- a/Base/etc/SystemServer.ini
+++ b/Base/etc/SystemServer.ini
@ -1,6 +1,6 @@
 [RequestServer]
 Socket=/tmp/portal/request
-SocketPermissions=660
+SocketPermissions=600
 Lazy=1
 Priority=low
 User=anon
@ -10,7 +10,7 @@ AcceptSocketConnections=1
 [WebContent]
 Socket=/tmp/portal/webcontent
-SocketPermissions=660
+SocketPermissions=600
 Lazy=1
 User=anon
 BootModes=graphical
@ -19,7 +19,7 @@ AcceptSocketConnections=1
 [ImageDecoder]
 Socket=/tmp/portal/image
-SocketPermissions=660
+SocketPermissions=600
 Lazy=1
 User=anon
 BootModes=graphical
@ -28,7 +28,7 @@ AcceptSocketConnections=1
 [WebSocket]
 Socket=/tmp/portal/websocket
-SocketPermissions=660
+SocketPermissions=600
 Lazy=1
 Priority=low
 User=anon
@ -80,7 +80,7 @@ User=anon
 [Clipboard]
 Socket=/tmp/portal/clipboard
-SocketPermissions=660
+SocketPermissions=600
 Priority=low
 User=anon
@ -143,7 +143,7 @@ BootModes=text
 [CppLanguageServer]
 Socket=/tmp/portal/language/cpp
-SocketPermissions=660
+SocketPermissions=600
 Lazy=1
 User=anon
 MultiInstance=1
@ -151,7 +151,7 @@ AcceptSocketConnections=1
 [ShellLanguageServer]
 Socket=/tmp/portal/language/shell
-SocketPermissions=660
+SocketPermissions=600
 Lazy=1
 User=anon
 MultiInstance=1