community/kubo: allow setting permissions on admin interface
Hello,
I think it'd be really useful to change the default RPC interface to a path capable of filesystem permissions, instead of using TCP/IP routing to manage permissions. This is how I have it set on my server. With Linux permissions, I can just set a group on the socket (or use the default one, "ipfs" currently), and then add users to that group who should have permissions to access it. Setting permissions on a TCP/IP port sounds like a nightmare to me. This is very similar to how <I/some> use PostgreSQL and PHP.
In my setup with OpenRC, I set the API address like this:
ipfs config Addresses.API /unix/run/ipfs/ipfs.sock
That can be done in kubo.post-install for example (after doing ipfs init -e).
And then in my /etc/init.d/ipfs I have:
start_pre() {
    checkpath --directory --mode 755 --owner ipfs:ipfs /run/ipfs
}
I can then add users allowed to manage IPFS like this:
usermod -a -G ipfs usernamehere
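
A check for the setup described in the post above, as an added example that is not part of the original post or of the kubo package: it confirms that the RPC socket is gated by group membership rather than open to every local user. The function names `check_perms` and `audit_rpc_socket` are hypothetical, the socket path and group are the ones from the post, and a `stat` that supports `-c` (GNU coreutils or BusyBox) is assumed.

```shell
#!/bin/sh
# Added example: audit who can reach a Unix-socket RPC endpoint.
# On Linux, connect() needs write permission on the socket file. The post's
# /run/ipfs directory is mode 755 (traversable by everyone), so the socket's
# own mode and group are what restrict access.

# check_perms MODE GROUP WANT_GROUP
# MODE is the octal mode as printed by `stat -c %a` (for example 660).
# Returns 0 if "other" cannot connect and WANT_GROUP can, 1 otherwise.
check_perms() {
    m=$(printf '%04o' "0$1")             # normalise to 4 octal digits: 0660
    other=${m#???}                       # last digit: permissions for "other"
    gdigit=${m%?}; gdigit=${gdigit#??}   # third digit: permissions for group
    case $other in
        2|3|6|7) echo "FAIL: socket is world-writable (mode $m)" >&2
                 return 1 ;;
    esac
    if [ "$2" != "$3" ]; then
        echo "FAIL: socket group is '$2', expected '$3'" >&2
        return 1
    fi
    case $gdigit in
        2|3|6|7) ;;
        *) echo "FAIL: group '$3' lacks write, members cannot connect (mode $m)" >&2
           return 1 ;;
    esac
    return 0
}

# audit_rpc_socket [SOCKET] [GROUP]
# Returns 2 if SOCKET is missing or is not a Unix socket.
audit_rpc_socket() {
    sock=${1:-/run/ipfs/ipfs.sock}   # filesystem path behind the post's Addresses.API
    want=${2:-ipfs}                  # group the post adds users to
    [ -S "$sock" ] || { echo "FAIL: $sock is not a socket" >&2; return 2; }
    st=$(stat -c '%a %G' "$sock") || return 2
    check_perms "${st%% *}" "${st#* }" "$want" &&
        echo "OK: $sock is restricted to group $want"
}

# Run the audit only when arguments are given, e.g.
#   sh audit.sh /run/ipfs/ipfs.sock ipfs
if [ "$#" -gt 0 ]; then
    audit_rpc_socket "$@"
    exit $?
fi
```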