Additional arg: "-groupcookie" #22431

Is your feature request related to a problem? Please describe.

<!-- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->

The RPC .cookie is generated with 0600 permissions (i.e. only the user running the daemon can use the cookie). When running bitcoind under a dedicated user and group (e.g. user = "bitcoin" and group = "bitcoin"), distinct users who are also in the "bitcoin" group cannot use the cookie for auth. This forces your hand when running additional RPC client software like electrs to have it also run under the "bitcoin" user if you want to use cookie based authentication. Currently the only way to alter this is to pass "-sysperms" but this uses the system umask for all files/dirs, not just the cookie. The cookie permissions should be individually tweak-able.

Describe the solution you'd like

<!-- A clear and concise description of what you want to happen. -->

A "-groupcookie" argument could be added which generated the cookie with 0640 permissions. This would allow distinct users added to the "bitcoin" group the ability to authenticate using the RPC cookie. In turn affording more flexible, and potentially more secure, installations.

Describe alternatives you've considered

<!-- A clear and concise description of any alternative solutions or features you've considered. -->

Continue to run additional RPC client software under the same user as the daemon or settle for username/password authentication.

This is less useful than I initially thought. Something like Electrs needs access to more than just the cookie. My best bet is likely to update the services umask to "037" and use the "-sysperms" flag.

Going to close this.