Running mpd as user mpd and using a socket in /var/lib/mpd/ to connect. With the update from 0.23.13-r1 to 0.23.15-r1 the permissions of this directory are reset to 0600 on startup of mpd. Not sure if this is an upstream issue or not, but it blocks access for any user, even if in the same group. Is this directory not suited (it is still listed in the Gentoo wiki), or should the permissions be preserved or granted for the group at least?

Reproducible: Always

Steps to Reproduce:
1. upgrade mpd to 0.23.15-r1
2. restart mpd
3. try to connect to socket configured for /var/lib/mpd/socket

Actual Results: connection fails as the user has no access to the directory in which the socket is

Expected Results: user can connect
commit e052555c5ead5ea46c5b8d5ebc61f9e89a4d5fa8
Author: Adrian Schollmeyer <nex+b-g-o@nexadn.de>
Date: Sun Nov 12 22:11:27 2023 +0100

    media-sound/mpd: add 0.23.15

    The new version removes unnecessary modifications to the default
    configuration and adds default values for creating the PID file and
    log file in FHS directories.

    Co-Authored-By: Jeroen Roovers <jer@xs4all.nl>
    Closes: https://bugs.gentoo.org/872668
    Closes: https://bugs.gentoo.org/918421
    Closes: https://bugs.gentoo.org/919577
    Signed-off-by: Adrian Schollmeyer <nex+b-g-o@nexadn.de>
    Closes: https://github.com/gentoo/gentoo/pull/34469
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>
Tried now also using @mpd to bind to the socket by name only, without a path in the filesystem. Works for the ncmpc client but fails in cantata (no longer maintained). Also, using "/var/run/mpd/socket" as an alternative worked, as the directory is managed neither by mpd nor by the init script. Both are mentioned at https://mpd.readthedocs.io/en/stable/user.html#client-connections. Not sure if this would be the solution in general, and whether an update to the wiki would be the way to go?
Unfortunately, MPD doesn't properly protect its PID file (Owner root:root with chmod a-rwx), requiring us to protect the directory in which MPD creates its PID file. The second modification applies to the log dir, correcting the owner and granting write access for MPD. The first of these measures is necessary for security reasons, while the second one is necessary for MPD to even be able to start.

In my opinion, the correct fix would be for users to create the PID and log files in the locations suggested by the default distro config (i.e. apply the change suggested by dispatch-conf). These files should not be touched by regular users anyway, so keeping them in a directory where potential users might need access is not really a smart idea. Actually, if you install the default Gentoo config shipped with media-sound/mpd, you should be able to change permissions for /var/lib/mpd and anything beneath it as you please.
OK, so the reset of the directory permissions I faced originally (preventing me from using 750 as directory permissions for /var/lib/mpd) was due to the fact that I had the .pid file also configured there (I guess based on an old default configuration which I did not update on etc-update; I assume I usually keep active settings which are working). Now that I moved the pid file out to /run/mpd, I can adapt the permissions of /var/lib/mpd and they are not reset on service restart. So the problem is solved for me. Thanks for the hint.
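
Added example, not part of any comment above and not code from the mpd ebuild or init script: a shell check that reports when an mpd.conf keeps a client socket in the same directory as `pid_file`, the layout that led to the lockout in this report. The function names, the `mpd.pid` file name and the sample configs are assumptions constructed for illustration; the directories are the ones named in the thread.

```shell
#!/bin/sh
# Print the quoted value(s) of a top-level `key "value"` setting.
# Lines starting with '#' do not match and are skipped.
conf_value() {
    # $1 = setting name, $2 = config file
    sed -n "s/^[[:space:]]*$1[[:space:]][[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2"
}

# Return 0 and print the shared directory when a filesystem socket from
# bind_to_address sits beside pid_file; return 1 otherwise.
mpd_socket_conflict() {
    conf=$1
    pid=$(conf_value pid_file "$conf" | head -n 1)
    [ -n "$pid" ] || return 1
    piddir=$(dirname "$pid")
    conf_value bind_to_address "$conf" | while IFS= read -r addr; do
        case $addr in
            /*) # filesystem socket; "@name" sockets and host names have no directory
                if [ "$(dirname "$addr")" = "$piddir" ]; then
                    echo "$piddir"
                fi ;;
        esac
    done | head -n 1 | grep .
}

# Constructed sample configs (not taken from the report).
tmp=$(mktemp -d)
printf '%s\n' 'pid_file "/var/lib/mpd/mpd.pid"' \
    'bind_to_address "/var/lib/mpd/socket"' > "$tmp/old.conf"
printf '%s\n' 'pid_file "/run/mpd/mpd.pid"' \
    'bind_to_address "/var/lib/mpd/socket"' > "$tmp/new.conf"
for f in old new; do
    if dir=$(mpd_socket_conflict "$tmp/$f.conf"); then
        echo "$f.conf: socket shares $dir with pid_file"
    else
        echo "$f.conf: ok"
    fi
done
rm -rf "$tmp"
```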