Opened at 2011-09-14T17:10:06Z
Last modified at 2014-01-21T20:43:30Z
#1535 new enhancement
Allow restricting Tahoe-LAFS gateway to one user — at Initial Version
| Reported by: | LoneTech | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | eventually |
| Component: | code-frontend-cli | Version: | 1.8.2 |
| Keywords: | wui cli socket unix security confidentiality integrity capleak | Cc: | |
| Launchpad Bug: |
Description
It's fairly easy to limit the node interface, by setting something like: web.port = unix:/home/$USER/.tahoe/websocket:mode=600
The problem is, web browsers can't connect to it. That much is expected, but neither can the tahoe CLI. It refuses any node.url that does not begin with http or https, and I found no way to make it connect to a UNIX socket.
The downside with a TCP socket is it lets all local users use the filesystem, even if they can't find your files in it without the caps.
Note: See
TracTickets for help on using
tickets.
