Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S286987AbUKASbP (ORCPT ); Mon, 1 Nov 2004 13:31:15 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S280158AbUKARa4 (ORCPT ); Mon, 1 Nov 2004 12:30:56 -0500 Received: from linux01.gwdg.de ([134.76.13.21]:54474 "EHLO linux01.gwdg.de") by vger.kernel.org with ESMTP id S268361AbUKAR17 (ORCPT ); Mon, 1 Nov 2004 12:27:59 -0500 Date: Mon, 1 Nov 2004 18:27:56 +0100 (MET) From: Jan Engelhardt To: John M Collins cc: linux-kernel@vger.kernel.org Subject: Re: Fchown on unix domain sockets? In-Reply-To: <200411011543.04881.jmc@xisl.com> Message-ID: References: <200410312255.00621.jmc@xisl.com> <200411011441.56524.jmc@xisl.com> <200411011543.04881.jmc@xisl.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=utf-8 Content-Transfer-Encoding: 8BIT Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1267 Lines: 30 >> >When I connect to it is the point. I want to set the permissions etc so >> > that only the progams that are supposed to be talking to it talk to it. >> >> How about setting the permissions beforehand? > >We're talking about fchown not fchmod. Obviously you can set "umask" so that >the appropriate permissions are on or off. Whoops. Well, you said "permissions" in the topmost quoted thing. Anyway, you could use ACLs to restrict connecting to a PF_UNIX socket on a per user/group basis. >I just thought it would be worth drawing attention to the fact that "fchown" >silently does nothing and the whole thing is not documented anywhere (even on >OSes which give an error code). It just seemed a gap worth plugging. Now the message is clear. Glibc info pages maintained by glibc-bugs@gnu.org (IIRC), man pages now maintained by (sorry forgot the addr, but take a look on LKML archive for this day). Jan Engelhardt -- Gesellschaft für Wissenschaftliche Datenverarbeitung Am Fassberg, 37077 Göttingen, www.gwdg.de - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/