[Unit]
Description=PHP Cloudlinux SSA Agent Socket
PartOf=ssa-agent.service

[Socket]
ListenStream=/opt/alt/clos_ssa/run/ssa.sock
# SocketMode=0666 is intentional: the socket must be writable by PHP
# processes running under any web server (Apache, LiteSpeed, Nginx)
# across all supported panels (cPanel, Plesk, DirectAdmin).
# Restricting via SocketGroup is not feasible because the group owning
# PHP workers differs per panel and web server combination.
# Input validation in agent.py _validate_input() limits accepted payloads
# to the exact format produced by the C extension (7 fields with strict
# types), but does not authenticate the sender — any local user who
# crafts a conforming payload can inject plausible metric data.
# This is an accepted residual risk for a metrics-collection socket.
SocketMode=0666
Backlog=2048

[Install]
WantedBy=sockets.target