id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	launchpad_bug
1535	Allow restricting Tahoe-LAFS gateway to one user by supporting Unix sockets	LoneTech		"It's fairly easy to limit the node interface, by setting something like:
web.port = unix:/home/$USER/.tahoe/websocket:mode=600

The problem is, web browsers can't connect to it. That much is expected, but neither can the tahoe CLI. It refuses any node.url that does not begin with http or https, and I found no way to make it connect to a UNIX socket.

The downside with a TCP socket is it lets all local users use the filesystem, even if they can't find your files in it without the caps."	enhancement	new	normal	eventually	code-frontend-cli	1.8.2		wui cli socket unix security confidentiality integrity capleak