From 4e99b700b34a9b267d652e22a47c312598f16dec Mon Sep 17 00:00:00 2001
From: Amanda Wee <amanda@aranel.net>
Date: Tue, 30 Sep 2025 22:37:35 +1300
Subject: [PATCH] use 0600 as default proxy socket endpoint file mode

---
 internal/config/config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/config/config.go b/internal/config/config.go
index c7a73cb..1f4ae42 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -27,7 +27,7 @@ var (
 	defaultWatchdogInterval            = uint(0)                // watchdog interval in seconds (0 to disable)
 	defaultStopOnWatchdog              = false                  // set to true to stop the program when the socket gets unavailable (otherwise log only)
 	defaultProxySocketEndpoint         = ""                     // empty string means no socket listener, but regular TCP listener
-	defaultProxySocketEndpointFileMode = uint(0o400)            // set the file mode of the unix socket endpoint
+	defaultProxySocketEndpointFileMode = uint(0o600)            // set the file mode of the unix socket endpoint
 	defaultAllowBindMountFrom          = ""                     // empty string means no bind mount restrictions
 )