-
jclulowsommerfeld: Note that permissions on the socket do not affect the ability of users to connect to it
-
jclulowEven though sometimes it seems like they do
-
jclulowdanmcd: That does seem like a good plan
-
jclulowEspecially now that so many of the clocks we use are computerised, with NTP and up to date timezone databases, etc
-
sommerfeldjclulow: while making this work, I definitely got permission denied errors which ppriv -l attributed to a zfs_*access function.
-
sommerfeldand changing the permissions fixed the issue.
-
jclulowIt depends on whether the software is using xpg4 or native sockets, unfortunately
-
jclulow(as to whether we bother to do that access check)
-
jclulowthat is, the _client_
-
sommerfeldah, right, I see that now.
-
sommerfeldI locked down the containing directory as well.
-
jclulowYeah, that's what we recommend