Fix possibly insecure permissions on the control socket.

The server's control socket is now in a private directory.

initscript

@@ -2,7 +2,7 @@
 
 NODE_PATH=/usr/lib/node_modules
 LOGFILE=/var/log/rlgwebd.log
-CTLSOCKET=/var/run/rlgwebd.sock
+CTLSOCKET=/var/run/rlgwebd/rlgwebd.sock
 RLGWEBDJS=/usr/local/bin/rlgwebd
 
 export NODE_PATH

rlgwebd

@@ -15,7 +15,7 @@ var WebSocketServer = require("websocket").server;
 
 /* Default options */
 var rlgwebd_options = { 
-  control_socket: "/var/run/rlgwebd.sock",
+  control_socket: "/var/run/rlgwebd/rlgwebd.sock",
   port: 8080,
   chrootDir: "/var/dgl/",
   username: "rodney",
@@ -1266,6 +1266,21 @@ if (rlgwebd_options.use_https) {
     tls_options.ca = read_or_die(rlgwebd_options.cafile, "CA file");
 };
 
+/* Make sure the socket directory is secure. */
+var socket_dir = path.dirname(rlgwebd_options.control_socket);
+try {
+  fs.mkdirSync(socket_dir, 0o700);
+}
+catch (err) {
+  if (err.code == "EEXIST") {
+    fs.chownSync(socket_dir, 0, 0);
+    fs.chmodSync(socket_dir, 0o700);
+  }
+  else {
+    throw err;
+  }
+}
+
 /* Open the control socket before chrooting where it can't be found */
 var ctlServer = net.createServer(function (sock) {
   sock.on('data', consoleHandler);

rlgwebd-stop

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 var net = require('net');
-var sockpath = "/var/run/rlgwebd.sock";
+var sockpath = "/var/run/rlgwebd/rlgwebd.sock";
 
 var sock = new net.Socket();
 

rlgwebd.conf

@@ -3,7 +3,7 @@
 
 # These values are set by default:
 # Location of the socket for start/stop commands
-#control_socket = /var/run/rlgwebd.sock
+#control_socket = /var/run/rlgwebd/rlgwebd.sock
 # Port number to bind
 #port = 8080
 # Path to the dgamelaunch installation to chroot into