diff --git a/man7/unix.7 b/man7/unix.7 index 5c9c1e89d..4595684c1 100644 --- a/man7/unix.7 +++ b/man7/unix.7 @@ -501,27 +501,6 @@ be used in portable programs. (Some BSD-derived systems also support credential passing, but the implementation details differ.) .SH NOTES -In the Linux implementation, sockets which are visible in the -filesystem honor the permissions of the directory they are in. -Creation of a new socket will fail if the process does not have write and -search (execute) permission on the directory the socket is created in. - -On Linux, -connecting to a stream socket object requires write permission on that socket; -sending a datagram to a datagram socket likewise -requires write permission on that socket. -POSIX does not make any statement about the effect of the permissions -on a socket file, and on many systems (e.g., several BSD derivatives), -the socket permissions are ignored. -Portable programs should not rely on -this feature for security. - -A socket's owner, group, and permissions can be changed (using -.BR chown (2) -and -.BR chmod (2)). -.\" However, fchown() and fchmod() do not seem to have an effect - Binding to a socket with a filename creates a socket in the filesystem that must be deleted by the caller when it is no longer needed (using 
@@ -540,6 +519,35 @@ or call. UNIX domain stream sockets do not support the notion of out-of-band data. +.\" +.SS Socket ownership and permissions +In the Linux implementation, sockets which are visible in the +filesystem honor the permissions of the directory they are in. +Creation of a new socket will fail if the process does not have write and +search (execute) permission on the directory the socket is created in. + +On Linux, +connecting to a stream socket object requires write permission on that socket; +sending a datagram to a datagram socket likewise +requires write permission on that socket. +POSIX does not make any statement about the effect of the permissions +on a socket file, and on many systems (e.g., several BSD derivatives), +the socket permissions are ignored. +Portable programs should not rely on +this feature for security. + +When creating a new socket, the owner and group of the socket file +are set according to the usual rules. +The socket file has all permissions enabled, +other than those that are turned off by the process +.BR umask (2). + +A socket's owner, group, and permissions can be changed (using +.BR chown (2) +and +.BR chmod (2)). +.\" However, fchown() and fchmod() do not seem to have an effect + .\" .SH BUGS When binding a socket to an address,
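Review bot: In the paragraph added to the new "Socket ownership and permissions" subsection, "are set according to the usual rules" leaves the reader to guess which rules are meant. Name them, or add a cross-reference to the page that documents ownership of newly created files. The preceding paragraph says that on Linux connecting to a stream socket requires write permission on that socket, and the new text says the file is created with every permission the umask does not turn off. It would therefore help to say explicitly that the mode is fixed when the socket file is created (at bind time, per the NOTES text above), so a program that wants a restricted socket should set its umask before binding rather than rely only on a later chmod(2). The moved comment `.\" However, fchown() and fchmod() do not seem to have an effect` is still hidden from readers. Now that a subsection is dedicated to this topic, consider verifying the observation and either documenting it in the visible text or dropping the comment.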