Projects/muscl
12
4
Fork 0
Code Issues 69 Pull Requests Actions Packages Releases Activity
Files
072bf6a0900a2e3ddce0fe7381b35293db2bcce9
muscl/docs/suid-sgid-mode.md
h7x4 8811a41980
Some checks failed
Build and test / test (push) Has been cancelled
Details
Build and test / docs (push) Has been cancelled
Details
Build and test / build (push) Has been cancelled
Details
Build and test / check (push) Has been cancelled
Details
Build and test / check-license (push) Has been cancelled
Details
docs: split SUID/SGID installation section into its own document
2025-12-15 09:05:18 +09:00

1.1 KiB
Raw Blame History

SUID/SGID mode

Warning

This will be deprecated in a future release, see #101

We do not recommend you use this mode unless you absolutely have to. The biggest reason why muscl was rewritten from scratch was to fix an architectural issue that easily caused vulnerabilites due to reliance on SUID/SGID. Althought the architecture now is more resistant against such vulnerabilites, it is not failsafe.

For backwards compatibility reasons, it is possible to run the program without a daemon by utilizing SUID/SGID.

In order to do this, you should set either the SUID/SGID bit and preferably make the executable owned by a non-privileged user. If the database is running on the same machine, the user/group will need access to write and read from the database socket. Otherwise, the only requirement is that the user/group is able to read the config file (typically /etc/muscl/config.toml).

Note that the feature flag for SUID/SGID mode is not enabled by default, and is not included in the default deb package. You will need to compile the program yourself with --features suid-sgid-mode.

Reference in New Issue View Git Blame Copy Permalink