muscl/docs/suid-sgid-mode.md
h7x4 09e7a22f24
Fix a few typos
2026-01-12 15:35:21 +09:00

SUID/SGID mode

Warning

This will be deprecated in a future release; see #101.

We do not recommend using this mode unless you absolutely have to. The biggest reason muscl was rewritten from scratch was to fix an architectural issue that easily caused vulnerabilities due to its reliance on SUID/SGID. Although the architecture is now more resistant to such vulnerabilities, it is not failsafe.

For backwards compatibility reasons, it is possible to run the program without a daemon by utilizing SUID/SGID.

To do this, set either the SUID or the SGID bit on the executable, and preferably make the executable owned by a non-privileged user. If the database is running on the same machine, that user/group needs read and write access to the database socket. Otherwise, the only requirement is that the user/group is able to read the config file (typically /etc/muscl/config.toml).

Note that the feature flag for SUID/SGID mode is not enabled by default, and is not included in the default deb package. You will need to compile the program yourself with --features suid-sgid-mode.
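The install requirements above can be checked mechanically. The following is an added example, not code from the muscl project: it reports whether a set-id bit is present, whether a SUID binary is owned by root, and whether the identity gained through the bit can read the config file. The function names, finding strings and uid/gid 998 are assumptions made for illustration, and `audit_install` assumes GNU `stat`.

```shell
#!/bin/sh
# Added example, not muscl project code. Modes are octal strings as printed
# by GNU `stat -c %a` (e.g. 2755); uid/gid 998 below is a constructed value.

# audit_modes BIN_MODE BIN_UID BIN_GID CFG_MODE CFG_UID CFG_GID
# Prints one finding per line, or "ok". Assumes the invoking user is unrelated
# to both files, so only the identity gained from the set-id bits counts.
audit_modes() {
    bin=$((0$1)); bin_uid=$2; bin_gid=$3
    cfg=$((0$4)); cfg_uid=$5; cfg_gid=$6
    suid=$((bin & 04000)); sgid=$((bin & 02000)); found=0

    if [ "$suid" -eq 0 ] && [ "$sgid" -eq 0 ]; then
        echo "no-set-id-bit"; found=1
    fi
    if [ "$suid" -ne 0 ] && [ "$bin_uid" -eq 0 ]; then
        echo "suid-root"; found=1      # owner should be non-privileged
    fi

    # Pick the permission class of the config that the gained identity hits.
    if [ "$suid" -ne 0 ] && [ "$bin_uid" -eq 0 ]; then
        readable=1                     # effective uid 0 bypasses mode bits
    elif [ "$suid" -ne 0 ] && [ "$bin_uid" -eq "$cfg_uid" ]; then
        readable=$((cfg & 0400))       # owner class
    elif [ "$sgid" -ne 0 ] && [ "$bin_gid" -eq "$cfg_gid" ]; then
        readable=$((cfg & 040))        # group class
    else
        readable=$((cfg & 04))         # other class
    fi
    if [ "$readable" -eq 0 ]; then
        echo "config-unreadable"; found=1
    fi

    if [ "$found" -eq 0 ]; then echo "ok"; fi
    return 0
}

# audit_install BINARY CONFIG: run the same audit on real files.
audit_install() {
    set -- $(stat -c '%a %u %g' "$1") $(stat -c '%a %u %g' "$2")
    if [ $# -ne 6 ]; then echo "stat-failed"; return 0; fi
    audit_modes "$@"
}

# Constructed demo: SGID binary, config 0640 with a matching group -> ok
audit_modes 2755 998 998 640 0 998
```

On a real host, pass the installed binary's path and the config path to `audit_install`, for example with /etc/muscl/config.toml as the second argument.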