github.com/cilium/cilium@v1.16.2/pkg/api/socket.go (about) 1 // SPDX-License-Identifier: Apache-2.0 2 // Copyright Authors of Cilium 3 4 package api 5 6 import ( 7 "fmt" 8 "os" 9 "os/user" 10 "strconv" 11 12 "github.com/sirupsen/logrus" 13 14 "github.com/cilium/cilium/pkg/logging" 15 "github.com/cilium/cilium/pkg/logging/logfields" 16 ) 17 18 var log = logging.DefaultLogger.WithField(logfields.LogSubsys, "api") 19 20 // getGroupIDByName returns the group ID for the given grpName. 21 func getGroupIDByName(grpName string) (int, error) { 22 group, err := user.LookupGroup(grpName) 23 if err != nil { 24 return -1, err 25 } 26 return strconv.Atoi(group.Gid) 27 } 28 29 // SetDefaultPermissions sets the given socket's group to `CiliumGroupName` and 30 // mode to `SocketFileMode`. 31 func SetDefaultPermissions(socketPath string) error { 32 gid, err := getGroupIDByName(CiliumGroupName) 33 if err != nil { 34 log.WithError(err).WithFields(logrus.Fields{ 35 logfields.Path: socketPath, 36 "group": CiliumGroupName, 37 }).Debug("Group not found") 38 } else { 39 if err := os.Chown(socketPath, 0, gid); err != nil { 40 return fmt.Errorf("failed while setting up %s's group ID"+ 41 " in %q: %s", CiliumGroupName, socketPath, err) 42 } 43 } 44 if err := os.Chmod(socketPath, SocketFileMode); err != nil { 45 return fmt.Errorf("failed while setting up file permissions in %q: %w", 46 socketPath, err) 47 } 48 return nil 49 }