mirror of https://github.com/mkerrisk/man-pages
unix.7: Clarify ownership and permissions assigned during socket creation
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
7578ea2f85
commit
00b78c5fda
50
man7/unix.7
50
man7/unix.7
|
@ -501,27 +501,6 @@ be used in portable programs.
|
|||
(Some BSD-derived systems also support credential passing,
|
||||
but the implementation details differ.)
|
||||
.SH NOTES
|
||||
In the Linux implementation, sockets which are visible in the
|
||||
filesystem honor the permissions of the directory they are in.
|
||||
Creation of a new socket will fail if the process does not have write and
|
||||
search (execute) permission on the directory the socket is created in.
|
||||
|
||||
On Linux,
|
||||
connecting to a stream socket object requires write permission on that socket;
|
||||
sending a datagram to a datagram socket likewise
|
||||
requires write permission on that socket.
|
||||
POSIX does not make any statement about the effect of the permissions
|
||||
on a socket file, and on many systems (e.g., several BSD derivatives),
|
||||
the socket permissions are ignored.
|
||||
Portable programs should not rely on
|
||||
this feature for security.
|
||||
|
||||
A socket's owner, group, and permissions can be changed (using
|
||||
.BR chown (2)
|
||||
and
|
||||
.BR chmod (2)).
|
||||
.\" However, fchown() and fchmod() do not seem to have an effect
|
||||
|
||||
Binding to a socket with a filename creates a socket
|
||||
in the filesystem that must be deleted by the caller when it is no
|
||||
longer needed (using
|
||||
|
@ -540,6 +519,35 @@ or
|
|||
call.
|
||||
|
||||
UNIX domain stream sockets do not support the notion of out-of-band data.
|
||||
.\"
|
||||
.SS Socket ownership and permissions
|
||||
In the Linux implementation, sockets which are visible in the
|
||||
filesystem honor the permissions of the directory they are in.
|
||||
Creation of a new socket will fail if the process does not have write and
|
||||
search (execute) permission on the directory the socket is created in.
|
||||
|
||||
On Linux,
|
||||
connecting to a stream socket object requires write permission on that socket;
|
||||
sending a datagram to a datagram socket likewise
|
||||
requires write permission on that socket.
|
||||
POSIX does not make any statement about the effect of the permissions
|
||||
on a socket file, and on many systems (e.g., several BSD derivatives),
|
||||
the socket permissions are ignored.
|
||||
Portable programs should not rely on
|
||||
this feature for security.
|
||||
|
||||
When creating a new socket, the owner and group of the socket file
|
||||
are set according to the usual rules.
|
||||
The socket file has all permissions enabled,
|
||||
other than those that are turned off by the process
|
||||
.BR umask (2).
|
||||
|
||||
A socket's owner, group, and permissions can be changed (using
|
||||
.BR chown (2)
|
||||
and
|
||||
.BR chmod (2)).
|
||||
.\" However, fchown() and fchmod() do not seem to have an effect
|
||||
|
||||
.\"
|
||||
.SH BUGS
|
||||
When binding a socket to an address,
|
||||
|
|
Loading…
Reference in New Issue