open tls keys/certificate as root, pass fd's to the unprivileged child process

makes it easier to use tls keys/certs managed by other tools, with or without acme. the root process has access to open such files. the child process reads the key from the file descriptor, then closes the file. for issue #30 by inigoserna, thanks!
2025-07-10 09:54:40 +03:00 · 2023-05-31 14:09:53 +02:00
parent dd0cede4f9
commit 70d07c5459
6 changed files with 119 additions and 36 deletions
--- a/serve.go
+++ b/serve.go
@ -147,11 +147,12 @@ requested, other TLS certificates are requested on demand.
 	mlog.SetConfig(mox.Conf.Log)

 	checkACMEHosts := os.Getuid() != 0
-	mox.MustLoadConfig(checkACMEHosts)

 	log := mlog.New("serve")

 	if os.Getuid() == 0 {
+		mox.MustLoadConfig(checkACMEHosts)
+
 		// No need to potentially start and keep multiple processes. As root, we just need
 		// to start the child process.
 		runtime.GOMAXPROCS(1)
@ -160,6 +161,9 @@ requested, other TLS certificates are requested on demand.
 		if os.Getenv("MOX_SOCKETS") != "" {
 			log.Fatal("refusing to start as root with $MOX_SOCKETS set")
 		}
+		if os.Getenv("MOX_FILES") != "" {
+			log.Fatal("refusing to start as root with $MOX_FILES set")
+		}

 		if !mox.Conf.Static.NoFixPermissions {
 			// Fix permissions now that we have privilege to do so. Useful for update of v0.0.1
@ -178,7 +182,8 @@ requested, other TLS certificates are requested on demand.
 		}
 	} else {
 		log.Print("starting as unprivileged user", mlog.Field("user", mox.Conf.Static.User), mlog.Field("uid", mox.Conf.Static.UID), mlog.Field("gid", mox.Conf.Static.GID), mlog.Field("pid", os.Getpid()))
-		mox.RestorePassedSockets()
+		mox.RestorePassedFiles()
+		mox.MustLoadConfig(checkACMEHosts)
 	}

 	syscall.Umask(syscall.Umask(007) | 007)
@ -584,7 +589,7 @@ func start(mtastsdbRefresher, skipForkExec bool) error {
 			mox.ForkExecUnprivileged()
 			panic("cannot happen")
 		} else {
-			mox.CleanupPassedSockets()
+			mox.CleanupPassedFiles()
 		}
 	}