Additional arg: "-groupcookie" #22431

issue djschnei21 opened this issue on July 12, 2021
  1. djschnei21 commented at 1:25 AM on July 12, 2021: none

    Is your feature request related to a problem? Please describe.

    <!-- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->

    The RPC .cookie is generated with 0600 permissions (i.e. only the user running the daemon can use the cookie). When running bitcoind under a dedicated user and group (e.g. user = "bitcoin" and group = "bitcoin"), distinct users who are also in the "bitcoin" group cannot use the cookie for auth. This forces your hand when running additional RPC client software like electrs to have it also run under the "bitcoin" user if you want to use cookie based authentication. Currently the only way to alter this is to pass "-sysperms" but this uses the system umask for all files/dirs, not just the cookie. The cookie permissions should be individually tweak-able.

    Describe the solution you'd like

    <!-- A clear and concise description of what you want to happen. -->

    A "-groupcookie" argument could be added which generated the cookie with 0640 permissions. This would allow distinct users added to the "bitcoin" group the ability to authenticate using the RPC cookie. In turn affording more flexible, and potentially more secure, installations.

    Describe alternatives you've considered

    <!-- A clear and concise description of any alternative solutions or features you've considered. -->

    Continue to run additional RPC client software under the same user as the daemon or settle for username/password authentication.

  2. djschnei21 added the label Feature on Jul 12, 2021
  3. djschnei21 commented at 2:52 PM on July 13, 2021: none

    This is less useful than I initially thought. Something like Electrs needs access to more than just the cookie. My best bet is likely to update the services umask to "037" and use the "-sysperms" flag.

    Going to close this.

  4. djschnei21 closed this on Jul 13, 2021

  5. DrahtBot locked this on Aug 18, 2022
Contributors
Labels

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-22 18:14 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me