开发者

UNIX domain sockets not accessable across users?

问答 作者:

I'm running a client/server application on Red Hat Enterprise using ZMQ for message passing. The IPC socket used to associate a client with the server is implemented using a Unix domain socket.

If user A starts the server process, it seems like only clients started by user A can connect to and communicate over that socket. Our project requires that the clients be able to be run by different users, so this is a major sticking point.

The socket is located at /tmp/ipc_assoc with default 755 permissions. chmod 777 does not fix the problem. chown userB allows user B to access the socket, but user A the开发者_如何学JAVAn loses access. Not even root can access the socket. There is no ACL or SeLinux in use on the machine.

Is this typical behavior for Unix domain sockets? Has anyone figured out how to work around it?

chmod(s.sun_path, 0777); after listening to the socket.

domain = AF_UNIX;
name = servname;
port = -1;

n = MakeLocalSocket(s);
if (n == 0) {
    fatal("can't create socket");
}

unlink(s.sun_path);

if (bind(fd, & s, n) < 0) {
    fatal("can't bind socket");
}

if (listen(fd, 5) != 0) {
    fatal("can't listen to socket");
}

/* UNIX domain sockets need to be mode 777 on 4.3 */
chmod(s.sun_path, 0777);

Temporarily alter the umask:

mode_t umask_ = umask(0000); /* let the socket be mode 0777 so that other users can connect */
int err = bind(fd, (struct sockaddr *)&unix_bind_addr, sizeof(unix_bind_addr));
umask(umask_); /* restore old umask (0777 is a pretty bad choice for normal stuff) */
if (err) {
  /* handle bind error here */
}

Of course, this is a bad idea if you're using threads.

With some assistance from the ZMQ mailing list, I have made a work around. It's ugly, but seems to work consistently.

I had to make a subdirectory under /tmp and chmod 777 it. The server now creates the socket in that new folder. It also programmatically chmod 777 the socket. Now, as long as the server is run as root, any user can run a client and talk to the server.

I don't know why UNIX domain socket behave this way, but it sure is annoying.

Have you tried adding UserA and UserB into a common user group?

继续阅读:sockets

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9