Werk #14925: Tighten permissions for Event Console pipe and sockets

Component Event Console
Title Tighten permissions for Event Console pipe and sockets
Date Dec 5, 2022
Checkmk Edition Checkmk Raw (CRE)
Checkmk Version 2.2.0b1
Level Trivial Change
Class Bug Fix
Compatibility Incompatible - Manual interaction might be required

For some internal communication of the Event Console Unix sockets are used. These reside in tmp/run/mkeventd/ and used to be world readable. Since these sockets are not meant to be used from site external scripts and we cannot foresee the side-effects the permissions were changed so that only Checkmk can read and write to them.

To make it easier to write custom events to the Event Console there is a Unix pipe also in tmp/run/mkeventd/. This pipe used to be world readable and writeable. With this Werk the permission is changed so that the Pipe is only world writeable. So custom scripts can still write events to this pipe but can no longer read from this pipe.

If you used these sockets or pipe with custom scripts and rely on the previous permissions, you still can change them (eg. with chmod). Please be aware that we do not support this customization.

To the list of all Werks