path: root/design-documents
diff options
authorThien-Thi Nguyen <>2021-01-11 00:18:27 -0500
committerThien-Thi Nguyen <>2021-01-11 00:18:27 -0500
commit02a00c78cfae37e18c613d606ef24b92df927dc3 (patch)
tree595ab7539c2608fce0f95f3696eb7a6ac46e8441 /design-documents
parentf58e345828204e96339d9b50ad650d5236706b29 (diff)
add subsection "Socket permission details"
This reflects the result of an email discussion between FD and CG.
Diffstat (limited to 'design-documents')
1 files changed, 6 insertions, 0 deletions
diff --git a/design-documents/010-exchange-helpers.rst b/design-documents/010-exchange-helpers.rst
index a299948..a304d8e 100644
--- a/design-documents/010-exchange-helpers.rst
+++ b/design-documents/010-exchange-helpers.rst
@@ -42,6 +42,12 @@ running under a different user ID (UID), creating in effect a software
security module. The exchange's HTTP process will be required to interact
with those helpers via a UNIX domain socket.
+Socket permission details:
+* The socket will be chmod 0620 (u+rw, g+w) regardless of umask.
+* That the group is the same group of the crypto helpers must
+ still be ensured by the operator.
General design details:
* The helpers will process requests from the exchange to sign and revoke keys.