id summary reporter owner description type status priority milestone component version resolution keywords cc launchpad_bug 1535 Allow restricting Tahoe-LAFS gateway to one user by supporting Unix sockets LoneTech "It's fairly easy to limit the node interface, by setting something like: web.port = unix:/home/$USER/.tahoe/websocket:mode=600 The problem is, web browsers can't connect to it. That much is expected, but neither can the tahoe CLI. It refuses any node.url that does not begin with http or https, and I found no way to make it connect to a UNIX socket. The downside with a TCP socket is it lets all local users use the filesystem, even if they can't find your files in it without the caps." enhancement new normal eventually code-frontend-cli 1.8.2 wui cli socket unix security confidentiality integrity capleak