unix.7: Clarify ownership and permissions assigned during socket creation

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk 2016-06-17 18:51:38 +02:00
parent 7578ea2f85
commit 00b78c5fda
1 changed files with 29 additions and 21 deletions

@ -501,27 +501,6 @@ be used in portable programs.
(Some BSD-derived systems also support credential passing,
but the implementation details differ.)
.SH NOTES
In the Linux implementation, sockets which are visible in the
filesystem honor the permissions of the directory they are in.
Creation of a new socket will fail if the process does not have write and
search (execute) permission on the directory the socket is created in.
On Linux,
connecting to a stream socket object requires write permission on that socket;
sending a datagram to a datagram socket likewise
requires write permission on that socket.
POSIX does not make any statement about the effect of the permissions
on a socket file, and on many systems (e.g., several BSD derivatives),
the socket permissions are ignored.
Portable programs should not rely on
this feature for security.
A socket's owner, group, and permissions can be changed (using
.BR chown (2)
and
.BR chmod (2)).
.\" However, fchown() and fchmod() do not seem to have an effect
Binding to a socket with a filename creates a socket
in the filesystem that must be deleted by the caller when it is no
longer needed (using
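Review bot: After the permissions paragraph leaves NOTES, the sentence "Binding to a socket with a filename creates a socket in the filesystem" no longer has any nearby statement of what owner and mode that file receives. Consider adding a short pointer here to the new "Socket ownership and permissions" subsection, so a reader who lands on the bind/unlink note also finds the access rules that apply to the file it creates.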
@ -540,6 +519,35 @@ or
call.
UNIX domain stream sockets do not support the notion of out-of-band data.
.\"
.SS Socket ownership and permissions
In the Linux implementation, sockets which are visible in the
filesystem honor the permissions of the directory they are in.
Creation of a new socket will fail if the process does not have write and
search (execute) permission on the directory the socket is created in.
On Linux,
connecting to a stream socket object requires write permission on that socket;
sending a datagram to a datagram socket likewise
requires write permission on that socket.
POSIX does not make any statement about the effect of the permissions
on a socket file, and on many systems (e.g., several BSD derivatives),
the socket permissions are ignored.
Portable programs should not rely on
this feature for security.
When creating a new socket, the owner and group of the socket file
are set according to the usual rules.
The socket file has all permissions enabled,
other than those that are turned off by the process
.BR umask (2).
A socket's owner, group, and permissions can be changed (using
.BR chown (2)
and
.BR chmod (2)).
.\" However, fchown() and fchmod() do not seem to have an effect
.\"
.SH BUGS
When binding a socket to an address,
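Review bot: In the new paragraph, "are set according to the usual rules" does not say which rules, and this is the one sentence a reader comes to this subsection for; either state them or name the page that defines them. Since the next sentence says the file gets "all permissions enabled" minus the umask, and the text above says write permission is what gates connecting on Linux, it would also help to state the consequence directly: the process umask at the time of the bind decides who can connect until a later chmod(2). Separately, the carried-over comment ".\" However, fchown() and fchmod() do not seem to have an effect" is invisible to readers; if the behaviour is confirmed it belongs in the rendered text next to the chown(2)/chmod(2) sentence, otherwise it should be dropped rather than moved.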