Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S269555AbUKAP6Y (ORCPT ); Mon, 1 Nov 2004 10:58:24 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S268856AbUKAP6V (ORCPT ); Mon, 1 Nov 2004 10:58:21 -0500 Received: from [193.112.238.6] ([193.112.238.6]:50311 "EHLO caveman.xisl.com") by vger.kernel.org with ESMTP id S273271AbUKAPnM (ORCPT ); Mon, 1 Nov 2004 10:43:12 -0500 From: John M Collins Organization: Xi Software Ltd To: linux-kernel@vger.kernel.org Subject: Re: Fchown on unix domain sockets? Date: Mon, 1 Nov 2004 15:43:04 +0000 User-Agent: KMail/1.6.1 References: <200410312255.00621.jmc@xisl.com> <200411011441.56524.jmc@xisl.com> In-Reply-To: Cc: Jan Engelhardt MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <200411011543.04881.jmc@xisl.com> Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1801 Lines: 38 On Monday 01 Nov 2004 14:49, you wrote: > >> As some manpage might say, the socket thing you see in "ls -l" is just a > >> reference thing. When you connect to it, ls -l /proc/pidofprogram/fd/ > >> does not show the path, but [socket:xxxx] which shows that the > >> filesystem object is not used anymore. > > > >When I connect to it is the point. I want to set the permissions etc so > > that only the progams that are supposed to be talking to it talk to it. > > How about setting the permissions beforehand? We're talking about fchown not fchmod. Obviously you can set "umask" so that the appropriate permissions are on or off. As I've said, I don't mind the answer "no" but I think it's wrong to silently do nothing. What I'm trying to do is have a server process, which for various reasons has to run as root, create a socket for clients which belong to same package and are all set-user to "packageusername" to send requests and receive replies. I don't want all and sundry connecting and sending lumps of data and possibly making the server process do inappropriate things. I don't have a problem - the server process creates the socket and then uses "chown" on the path name before clients start to get at it. Or I can invoke "seteuid" before creating the socket. I just thought it would be worth drawing attention to the fact that "fchown" silently does nothing and the whole thing is not documented anywhere (even on OSes which give an error code). It just seemed a gap worth plugging. -- John Collins Xi Software Ltd www.xisl.com - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/