diff --git a/ipn/ipnserver/server.go b/ipn/ipnserver/server.go
index 15bbba694..ae053f88f 100644
--- a/ipn/ipnserver/server.go
+++ b/ipn/ipnserver/server.go
@@ -19,6 +19,7 @@ import (
 "os/signal"
 "os/user"
 "runtime"
+ "strconv"
 "strings"
 "sync"
 "sync/atomic"
@@ -336,6 +337,10 @@ func isReadonlyConn(c net.Conn, logf logger.Logf) bool {
 logf("connection from userid %v; root has access", uid)
 return rw
 }
+ if selfUID := os.Getuid(); selfUID != 0 && uid == strconv.Itoa(selfUID) {
+ logf("connection from userid %v; connection from non-root user matching daemon has access", uid)
+ return rw
+ }
 var adminGroupID string
 switch runtime.GOOS {
 case "darwin":
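Review bot: The added same-user check in isReadonlyConn compares the peer's uid against `os.Getuid()`, which is the real UID, while the daemon's authority comes from its effective UID. If the binary is ever run setuid or after a partial privilege change, the two differ and the invoking user would get read-write access to a more privileged daemon. Consider `if selfUID := os.Geteuid(); selfUID != 0 && uid == strconv.Itoa(selfUID) {`. The match is a string comparison, so it appears to rely on `uid` being a canonical decimal string, which this hunk does not show. A comment such as `// A daemon running as a non-root user trusts connections from that same user.` above the check would record why it returns rw. isReadonlyConn starts and ends outside the hunk.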