From a49e7c7e4b2f5b5127284c280155ddb69405d826 Mon Sep 17 00:00:00 2001
From: Dany LE
Date: Wed, 1 Apr 2026 06:33:34 +0200
Subject: [PATCH] feat: group should have write permission on the socket file
---
 config-example.toml | 2 +-
 src/lib.rs | 2 +-
 src/main.rs | 21 +++++++++++++++++----
 src/utils.rs | 20 ++++++++++++++++++++
 4 files changed, 39 insertions(+), 6 deletions(-)
diff --git a/config-example.toml b/config-example.toml
index 2c2e6af..c04d25a 100644
--- a/config-example.toml
+++ b/config-example.toml
@@ -5,7 +5,7 @@ socket = "unix:/tmp/lua1.sock"
 pidfile = "/tmp/luad.pid"
 # user name
-user = "dany"
+user = "root"
 # group name
 group = "dany"
diff --git a/src/lib.rs b/src/lib.rs
index 2d6881b..b48327a 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -23,7 +23,7 @@ pub const APP_VERSION: &str = env!("CARGO_PKG_VERSION");
 pub const DAEMON_NAME: &str = "luad";
 mod utils;
-pub use utils::{is_unix_socket, on_exit, privdrop};
+pub use utils::{chmod_file, is_unix_socket, on_exit, privdrop};
 mod logs;
 pub use logs::{LogLevel, LogManager};
diff --git a/src/main.rs b/src/main.rs
index fa3798f..1f5237a 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -37,11 +37,17 @@ const DEFAULT_WORKER_NUMBER: usize = 4;
 ///
 /// * `n` - system exit code
 fn clean_up(n: i32) {
- if let Ok(socket_name) = std::env::var("socket") {
+ if let Ok(socket_name) = std::env::var("LUAD_SOCKET") {
 let file = socket_name.replace("unix:", "");
 let path = Path::new(&file);
 if path.exists() {
- std::fs::remove_file(path).unwrap();
+ let _ = std::fs::remove_file(path);
+ }
+ }
+ if let Ok(pidfile) = std::env::var("LUAD_PID") {
+ let path = Path::new(&pidfile);
+ if path.exists() {
+ let _ = std::fs::remove_file(path);
 }
 }
 if n != 0 {
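Review bot: The sample configuration now ships `user = "root"`, and sample values tend to be copied into deployments unchanged. If this key names the account the daemon switches to through `privdrop` (that code is not visible in this patch), the example leaves the service running with full privileges while the same commit opens its socket to a group. Consider keeping an unprivileged account in the example and adding a comment above the key such as `# account the daemon runs as; use a dedicated unprivileged user`.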
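Review bot: `clean_up` unlinks whatever paths `LUAD_SOCKET` and `LUAD_PID` hold in the process environment, but the visible code assigns them only on some paths: `LUAD_SOCKET` in the `unix:` branch of `serve` and `LUAD_PID` in the `Some` arm of `main` (both in later hunks). On any other path a value inherited from the parent environment would be removed with the daemon's privileges when `clean_up` runs, so the variables should be cleared at startup, e.g. `std::env::remove_var("LUAD_SOCKET"); std::env::remove_var("LUAD_PID");`, or the paths kept in a process-local `OnceLock` instead of the environment. The `let _ =` on both `remove_file` calls also discards every failure; logging anything other than `ErrorKind::NotFound` would keep a stale socket or PID file visible to the operator. The body of `clean_up` continues past the end of this hunk.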
@@ -73,9 +79,15 @@ fn serve(config: &Config) {
 if socket_name.starts_with("unix:") {
 // e.g unix:/var/run/lighttpd/maint/efcgi.socket
 INFO!("Use unix domain socket: {}", socket_name);
- std::env::set_var("socket", socket_name);
+ std::env::set_var("LUAD_SOCKET", socket_name);
 clean_up(0);
- let listener = UnixListener::bind(socket_name.replace("unix:", "")).unwrap();
+ let path = socket_name.replace("unix:", "");
+ let listener = UnixListener::bind(&path).unwrap();
+ INFO!("Allow writeable for group on {}", path);
+ if let Err(error) = chmod_file(&path, 0o660) {
+ ERROR!("Unable to allow writable for group on {}: {}", path, error);
+ }
+
 for client in listener.incoming() {
 let mut stream = client.unwrap();
 pool.execute(move || handle_request(&mut stream));
@@ -174,6 +186,7 @@ fn main() {
 let mut f = std::fs::File::create(&pidfile).unwrap();
 write!(f, "{}", std::process::id()).unwrap();
 DEBUG!("PID file created at {}", pidfile);
+ std::env::set_var("LUAD_PID", pidfile);
 }
 None => {}
 }
diff --git a/src/utils.rs b/src/utils.rs
index 04c7ca5..99fa1a3 100644
--- a/src/utils.rs
+++ b/src/utils.rs
@@ -1,3 +1,5 @@
+use std::ffi::CString;
+
 use crate::{ERR, INFO};
 use nix;
@@ -80,6 +82,24 @@ pub fn on_exit(f: fn(n: i32) -> ()) {
 };
 }
+/// Change file mode
+///
+/// # Arguments
+///
+/// - `file` (`&str`) - input file
+///
+/// # Returns
+///
+/// - `Result<(), std::io::Error>`
+///
+pub fn chmod_file(file: &str, mode: u32) -> Result<(), std::io::Error> {
+ let c_path = CString::new(file)?;
+ if unsafe { libc::chmod(c_path.as_ptr(), mode) } != 0 {
+ return Err(ERR!(format!("Chmod failed: {}", file)));
+ }
+ Ok(())
+}
+
 /// Return an Error Result object from error string
 ///
 #[macro_export]
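Review bot: The socket's mode is tightened only after `UnixListener::bind(&path)` returns, so between the two calls it carries whatever the process umask allows, and when `chmod_file` fails the error is logged and the accept loop starts anyway with that mode. Setting the mask before binding closes the window, e.g. `let old = unsafe { libc::umask(0o117) };` ahead of `bind` and `unsafe { libc::umask(old) };` after it, and the `Err` arm should be treated as fatal rather than fall through to `listener.incoming()`. Because `chmod_file` acts on the path and not on the listener's descriptor, the socket is best placed in a directory only the daemon can write to. `0o660` grants write access to the owning group, but nothing in this hunk sets which group owns the file, so that depends on the process's group at bind time. `serve` starts before and ends after this hunk.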
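Review bot: `chmod_file` uses `unsafe { libc::chmod(...) }` where the standard library already offers a safe call, and on failure it returns a generic `ERR!` string that drops the OS error, so the caller's log cannot tell a permission problem from a missing file. The body can become `std::fs::set_permissions(file, std::fs::Permissions::from_mode(mode))` with `use std::os::unix::fs::PermissionsExt;`, which makes the `CString` import added in the first hunk of this file unnecessary and returns the underlying `std::io::Error`. If the FFI call is kept, it needs a `// SAFETY:` comment and `std::io::Error::last_os_error()` in the error path; passing `mode: u32` straight to `libc::chmod` also assumes `mode_t` is 32 bits wide, which does not hold on every Unix target. The doc comment lists only `file`; it should gain an entry for `mode` describing it as the permission bits to apply.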