From mboxrd@z Thu Jan  1 00:00:00 1970
From: Anthony Liguori <aliguori@us.ibm.com>
Subject: Re: [Xen-changelog] Set the permissions correctly on
 the XML-RPC UDP	socket, so that non-root users
Date: Fri, 31 Mar 2006 09:49:51 -0600
Message-ID: <442D4F9F.5070004@us.ibm.com>
References: <E1FP85Y-00078n-Gr@xenbits.xensource.com>
	<442D3E7D.60302@us.ibm.com>
	<20060331154826.GA31093@leeni.uk.xensource.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xensource.com>
In-Reply-To: <20060331154826.GA31093@leeni.uk.xensource.com>
List-Unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: Ewan Mellor <ewan@xensource.com>
Cc: xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

Ewan Mellor wrote:
> On Fri, Mar 31, 2006 at 08:36:45AM -0600, Anthony Liguori wrote:
>
>   
>> Did you see this failure after changing the socket location to 
>> /var/run/xend/xml-rpc.sock?  The only way the permissions of 
>> /var/run/xend-xmlrpc.sock should be non-root is if /var/run has non root 
>> permissions.  Was that the case?
>>     
>
> We were seeing the failure intermittently, even when the socket was in
> /var/run.
>   

Interesting, that's really good to know for the future.

Thanks,

Anthony Liguori

> According to unix(7), on Linux, "sockets honour the permissions of the
> directory they are in", so it seems to me to be safest to have our own
> dedicated directory, so that we can guarantee the permissions on that are
> correct.
>
> Ewan.
>