Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Bitcoin Technical Support
Merits 13 from 3 users
Topic OP
Make .cookie file readable for bitcoin group
by
RequestPrivacy
on 22/06/2022, 13:32:52 UTC
⭐ Merited by LoyceV (6) ,o_e_l_e_o (4) ,ETFbitcoin (3)
Hey everyone,

happy to post my first question in THE bitcoin forum.

Problem
I just installed Bitcoin Core 22.0 on a Raspberry Pi4. As far as I understand it, the preferred authentication method for rpc calls should be via the .cookie file. Since I want to compartmentalize all software on the node I would have thought that the correct procedure is to create a dedicated group (say btcCookie) with read access to the .cookie file and then add the different users that need access to that group (I'm thinking of generic users like for an indexer). To create a dedicated group I changed the systemd bitcoin.service file to

Code:
[Service]
# Run as bitcoin:btcCookie
User=bitcoin
Group=btcCookie

This gave me indeed a dedicated group for the .cookie, bitcoind.pid and settings.json file. I'm not sure if it's a problem to have the pid and json file on the same group?!

Code:
bitcoin@debian:~/.bitcoin $ ll
total 183364
drwxrwx--- 5 bitcoin bitcoin        4096 Jun 22 14:32 .
drwxr-xr-x 3 root    root           4096 Mar 13 17:26 ..
drwx------ 3 bitcoin bitcoin      176128 Jun 22 06:20 blocks
drwx------ 2 bitcoin bitcoin      106496 Jun 22 14:37 chainstate
drwx------ 3 bitcoin bitcoin        4096 Apr  1 17:28 indexes
-rw------- 1 bitcoin btcCookie        75 Jun 22 14:32 .cookie
-rw------- 1 bitcoin bitcoin           0 Apr  1 17:28 .lock
-rw------- 1 bitcoin bitcoin          34 Apr  1 17:28 banlist.json
-rw-r--r-- 1 bitcoin bitcoin        5480 Jun 22 14:17 bitcoin.conf
-rw------- 1 bitcoin btcCookie         6 Jun 22 14:32 bitcoind.pid
-rw------- 1 bitcoin bitcoin   184060873 Jun 22 14:37 debug.log
-rw------- 1 bitcoin bitcoin      247985 Jun 22 14:27 fee_estimates.dat
-rw------- 1 bitcoin bitcoin     1799583 Jun 22 14:27 mempool.dat
-rw------- 1 bitcoin bitcoin     1282929 Jun 22 14:27 peers.dat
-rw-r--r-- 1 bitcoin btcCookie         7 Jun 22 14:32 settings.json

 Anyways, now I need to get the .cookie file in a readable state for the btcCookie group like so:

Code:
bitcoin@debian:~/.bitcoin $ ll
...
-rw-r----- 1 bitcoin btcCookie        75 Jun 22 14:32 .cookie
....

I've found someone with the same question https://www.reddit.com/r/Bitcoin/comments/9y1rtn/correct_way_to_use_cookie_auth_on_server/ but I'm not sure if his process is advisable and his outcome isn't problematic (in the process he also made mempool.dat and peers.dat group readable).

Another discussion re:permissions can be found here: https://bitcointalk.org/index.php?topic=5160894.0

Questions
1. How can I make the .cookie file group readable?
2. Is it problematic to have either or all of the following as group readable (bitcoind.pid, settings.json, mempool.dat and peers.dat)?
3. How can I prevent them from becoming group readable if so?
4. If no1 isn't possible, how can I provide other users with read access to the .cookie file?

Thank you and glad to be here!

Cheers,

RequestPrivacy