mirror of https://github.com/mkerrisk/man-pages
unix.7: Clarify ownership and permissions assigned during socket creation
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 7578ea2f85
commit 00b78c5fda
50
man7/unix.7
|
@ -501,27 +501,6 @@ be used in portable programs.
|
||||||
(Some BSD-derived systems also support credential passing,
|
(Some BSD-derived systems also support credential passing,
|
||||||
but the implementation details differ.)
|
but the implementation details differ.)
|
||||||
.SH NOTES
|
.SH NOTES
|
||||||
In the Linux implementation, sockets which are visible in the
|
|
||||||
filesystem honor the permissions of the directory they are in.
|
|
||||||
Creation of a new socket will fail if the process does not have write and
|
|
||||||
search (execute) permission on the directory the socket is created in.
|
|
||||||
|
|
||||||
On Linux,
|
|
||||||
connecting to a stream socket object requires write permission on that socket;
|
|
||||||
sending a datagram to a datagram socket likewise
|
|
||||||
requires write permission on that socket.
|
|
||||||
POSIX does not make any statement about the effect of the permissions
|
|
||||||
on a socket file, and on many systems (e.g., several BSD derivatives),
|
|
||||||
the socket permissions are ignored.
|
|
||||||
Portable programs should not rely on
|
|
||||||
this feature for security.
|
|
||||||
|
|
||||||
A socket's owner, group, and permissions can be changed (using
|
|
||||||
.BR chown (2)
|
|
||||||
and
|
|
||||||
.BR chmod (2)).
|
|
||||||
.\" However, fchown() and fchmod() do not seem to have an effect
|
|
||||||
|
|
||||||
Binding to a socket with a filename creates a socket
|
Binding to a socket with a filename creates a socket
|
||||||
in the filesystem that must be deleted by the caller when it is no
|
in the filesystem that must be deleted by the caller when it is no
|
||||||
longer needed (using
|
longer needed (using
|
||||||
|
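Review bot: The commit message does not say that the paragraphs removed from NOTES in this hunk (from "In the Linux implementation, sockets which are visible in the filesystem" through the chown(2)/chmod(2) sentence) are relocated rather than dropped. Suggest adding a line to the message stating that the existing text moves to a new subsection, so a reader of the log can tell the moved paragraphs apart from the newly written one.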
@ -540,6 +519,35 @@ or
|
||||||
call.
|
call.
|
||||||
|
|
||||||
UNIX domain stream sockets do not support the notion of out-of-band data.
|
UNIX domain stream sockets do not support the notion of out-of-band data.
|
||||||
|
.\"
|
||||||
|
.SS Socket ownership and permissions
|
||||||
|
In the Linux implementation, sockets which are visible in the
|
||||||
|
filesystem honor the permissions of the directory they are in.
|
||||||
|
Creation of a new socket will fail if the process does not have write and
|
||||||
|
search (execute) permission on the directory the socket is created in.
|
||||||
|
|
||||||
|
On Linux,
|
||||||
|
connecting to a stream socket object requires write permission on that socket;
|
||||||
|
sending a datagram to a datagram socket likewise
|
||||||
|
requires write permission on that socket.
|
||||||
|
POSIX does not make any statement about the effect of the permissions
|
||||||
|
on a socket file, and on many systems (e.g., several BSD derivatives),
|
||||||
|
the socket permissions are ignored.
|
||||||
|
Portable programs should not rely on
|
||||||
|
this feature for security.
|
||||||
|
|
||||||
|
When creating a new socket, the owner and group of the socket file
|
||||||
|
are set according to the usual rules.
|
||||||
|
The socket file has all permissions enabled,
|
||||||
|
other than those that are turned off by the process
|
||||||
|
.BR umask (2).
|
||||||
|
|
||||||
|
A socket's owner, group, and permissions can be changed (using
|
||||||
|
.BR chown (2)
|
||||||
|
and
|
||||||
|
.BR chmod (2)).
|
||||||
|
.\" However, fchown() and fchmod() do not seem to have an effect
|
||||||
|
|
||||||
.\"
|
.\"
|
||||||
.SH BUGS
|
.SH BUGS
|
||||||
When binding a socket to an address,
|
When binding a socket to an address,
|
||||||
|
|
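Review bot: "are set according to the usual rules" in the new paragraph under ".SS Socket ownership and permissions" leaves the reader to guess which rules apply; suggest naming them or cross-referencing the page that defines them, since this is the sentence the commit title promises to clarify. The following sentence, "The socket file has all permissions enabled, other than those that are turned off by the process umask(2)", read together with the statement that connecting requires write permission on the socket, means a socket bound under a permissive umask accepts connections from any user who can reach its directory. One sentence advising that the umask be set before binding, or that the socket be created in a directory with restricted permissions, would make that consequence explicit. The carried-over comment about fchown() and fchmod() is still open and could be resolved or dropped while the text is being moved.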