Werk #14925: Tighten permissions for Event Console pipe and sockets
Component | Event Console | ||
Title | Tighten permissions for Event Console pipe and sockets | ||
Date | Dec 5, 2022 | ||
Level | Trivial Change | ||
Class | Bug Fix | ||
Compatibility | Incompatible - Manual interaction might be required | ||
Checkmk versions & editions |
|
For some internal communication of the Event Console Unix sockets are used. These reside in tmp/run/mkeventd/ and used to be world readable. Since these sockets are not meant to be used from site external scripts and we cannot foresee the side-effects the permissions were changed so that only Checkmk can read and write to them.
To make it easier to write custom events to the Event Console there is a Unix pipe also in tmp/run/mkeventd/. This pipe used to be world readable and writeable. With this Werk the permission is changed so that the Pipe is only world writeable. So custom scripts can still write events to this pipe but can no longer read from this pipe.
If you used these sockets or pipe with custom scripts and rely on the previous permissions, you still can change them (eg. with chmod). Please be aware that we do not support this customization.