UNIX Socket permissions (Linux)


Solution 1

1. Why are parent permissions not enough to make the socket writeable, as the doc says?

The doc says

Connecting to the socket object requires read/write permission.

Parent permissions are only relevant for new socket creation, and that is all the doc says about it:

Creation of a new socket will fail if the process does not have write and search (execute) permission on the directory the socket is created in.

You are free to make your socket writeable:

Their owner, group and their permissions can be changed.

2. What is the best practice in that case?

Create a socket, and make it user's (man 2 chown). Or create a socket, and make it writeable (man 2 chmod).

Solution 2

Unix sockets are affected by the umask of your process which, by default, will likely be 0022 (it's actually an inherited property from the parent process, by default). This seems to be reflected in your api/socket.

If you want your socket world-writeable, the easiest way would be for your app to call this before your socket is created and bound:

    umask(0);
Author by

Andrei Kouznetsov

Updated on July 23, 2020
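
Both solutions above, combined in an added C example that is not part of the original answers: it binds the socket under a chosen umask and then sets an explicit mode with chmod(2), so the final permissions do not depend on the inherited umask. The helper name `bind_unix_socket` and the path `/tmp/example_api.sock` are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Hypothetical helper: bind a listening UNIX socket at `path` under umask
 * `mask`, then chmod it to `final_mode` (pass (mode_t)-1 to skip chmod).
 * Returns the listening fd or -1; the resulting mode goes to *out_mode. */
int bind_unix_socket(const char *path, mode_t mask, mode_t final_mode,
                     mode_t *out_mode)
{
    struct sockaddr_un addr;
    struct stat st;
    int fd, rc;
    mode_t old;

    if (strlen(path) >= sizeof(addr.sun_path))
        return -1;
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);      /* length checked above */
    unlink(path);                     /* remove a stale socket file */
    old = umask(mask);                /* Linux: node mode is 0777 & ~umask */
    rc = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
    umask(old);                       /* restore the process umask */
    if (rc < 0 || listen(fd, 16) < 0) goto fail;
    if (final_mode != (mode_t)-1 && chmod(path, final_mode) < 0) goto fail;
    if (stat(path, &st) < 0) goto fail;
    *out_mode = st.st_mode & 0777;
    return fd;
fail:
    close(fd);
    unlink(path);
    return -1;
}

int main(void)
{
    mode_t m;
    /* Constructed sample path; 0077 keeps the node private until chmod. */
    int fd = bind_unix_socket("/tmp/example_api.sock", 0077, 0660, &m);
    if (fd < 0) { perror("bind_unix_socket"); return 1; }
    printf("socket mode: %04o\n", (unsigned)m);
    close(fd);
    unlink("/tmp/example_api.sock");
    return 0;
}
```

With umask 0022 and no chmod the helper reports 0755, the `srwxr-xr-x` mode shown in the question.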

Comments

  • Andrei Kouznetsov almost 4 years

    I am using UNIX sockets in C to develop a server. From the manual:

    In the Linux implementation, sockets which are visible in the filesystem honor the permissions of the directory they are in. Their owner, group and their permissions can be changed. Creation of a new socket will fail if the process does not have write and search (execute) permission on the directory the socket is created in. Connecting to the socket object requires read/write permission. This behavior differs from many BSD-derived systems which ignore permissions for UNIX domain sockets. Portable programs should not rely on this feature for security.

    I have a path that is world writeable.

        $ ls -ld api
        drwxrwxrwx 2 root www-data 4096 Feb 15 21:57 api
    

    A process under root creates a socket in this path:

        $  ls -l api/socket
        srwxr-xr-x 1 root root 0 Feb 15 21:57 api/socket
    

    Another process that is running as a user cannot connect to the socket due to permissions issues. If I manually change socket permissions to be writeable by everyone, then other processes can successfully connect.

    1. Why are parent permissions not enough to make the socket writeable, as the doc says?
    2. What is the best practice in that case?