From: John M Collins <jmc@xisl.com>
To: linux-kernel@vger.kernel.org
Cc: Jan Engelhardt <jengelh@linux01.gwdg.de>
Subject: Re: Fchown on unix domain sockets?
Date: Mon, 1 Nov 2004 15:43:04 +0000
Message-ID: <200411011543.04881.jmc@xisl.com>
In-Reply-To: <Pine.LNX.4.53.0411011546050.30106@yvahk01.tjqt.qr>

On Monday 01 Nov 2004 14:49, you wrote:
> >> As some manpage might say, the socket thing you see in "ls -l" is just a
> >> reference thing. When you connect to it, ls -l /proc/pidofprogram/fd/
> >> does not show the path, but [socket:xxxx] which shows that the
> >> filesystem object is not used anymore.
> >
> >When I connect to it is the point. I want to set the permissions etc so
> > that only the programs that are supposed to be talking to it talk to it.
>
> How about setting the permissions beforehand?

We're talking about fchown not fchmod. Obviously you can set "umask" so that
the appropriate permissions are on or off.

As I've said, I don't mind the answer "no" but I think it's wrong to silently
do nothing.

What I'm trying to do is have a server process, which for various reasons has
to run as root, create a socket for clients which belong to the same package and
are all set-user to "packageusername" to send requests and receive replies. I
don't want all and sundry connecting and sending lumps of data and possibly
making the server process do inappropriate things.

I don't have a problem - the server process creates the socket and then uses
"chown" on the path name before clients start to get at it. Or I can invoke
"seteuid" before creating the socket.

I just thought it would be worth drawing attention to the fact that "fchown"
silently does nothing and the whole thing is not documented anywhere (even on
OSes which give an error code). It just seemed a gap worth plugging.

--
John Collins Xi Software Ltd www.xisl.com
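
The workaround described in the message above (restrictive umask, then "chown" on the path name before clients can connect), as an added example that is not code from the original post. The helper name make_restricted_socket, the demo path and the 0660 mode are assumptions, and the socket's directory is assumed to be writable only by the server.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Hypothetical helper: returns a listening fd, or -1 on failure. */
int make_restricted_socket(const char *path, uid_t owner, gid_t group, mode_t mode)
{
    struct sockaddr_un addr;
    mode_t old_mask;
    int fd, rc;

    if (strlen(path) >= sizeof(addr.sun_path)) { errno = ENAMETOOLONG; return -1; }
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    unlink(path);                        /* drop a stale node from an earlier run */

    old_mask = umask(0177);              /* node is created 0600: owner only */
    rc = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
    umask(old_mask);
    /* Ownership is set through the path name, not fchown(fd, ...), which the
     * message reports as silently doing nothing on the socket descriptor. */
    if (rc == 0) rc = chown(path, owner, group);
    if (rc == 0) rc = chmod(path, mode); /* open up to the group only now */
    if (rc == 0) rc = listen(fd, 16);    /* no client can connect before this */
    if (rc != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

int main(void)
{
    /* Constructed demo values: own uid/gid, so this runs without root. */
    const char *path = "/tmp/pkgserver-demo.sock";
    int fd = make_restricted_socket(path, geteuid(), getegid(), 0660);
    if (fd < 0) { perror("make_restricted_socket"); return 1; }
    printf("listening on %s\n", path);
    close(fd);
    unlink(path);
    return 0;
}
```

A root server would pass the uid and gid looked up for "packageusername" in place of its own.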
Thread overview: 7+ messages
2004-10-31 22:55 Fchown on unix domain sockets? John M Collins
2004-11-01 14:20 ` Jan Engelhardt
2004-11-01 14:41 ` John M Collins
2004-11-01 14:49 ` Jan Engelhardt
2004-11-01 15:43 ` John M Collins [this message]
2004-11-01 17:27 ` Jan Engelhardt
2004-11-01 22:27 ` David Wagner