mirror of https://github.com/mkerrisk/man-pages
unix.7: Move discussion on pathname socket permissions to DESCRIPTION
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
Michael Kerrisk
parent
b2bbcdb6ac
commit
9f213833a4
57
man7/unix.7
57
man7/unix.7
|
|
@ -223,6 +223,35 @@ if the output value exceeds the input value,
|
|||
then there is no guarantee that a null terminator is present in
|
||||
.IR sun_path .
|
||||
(See BUGS.)
|
||||
.\"
|
||||
.SS Pathname socket ownership and permissions
|
||||
In the Linux implementation,
|
||||
pathname sockets honor the permissions of the directory they are in.
|
||||
Creation of a new socket will fail if the process does not have write and
|
||||
search (execute) permission on the directory in which the socket is created.
|
||||
|
||||
On Linux,
|
||||
connecting to a stream socket object requires write permission on that socket;
|
||||
sending a datagram to a datagram socket likewise
|
||||
requires write permission on that socket.
|
||||
POSIX does not make any statement about the effect of the permissions
|
||||
on a socket file, and on many systems (e.g., several BSD derivatives),
|
||||
the socket permissions are ignored.
|
||||
Portable programs should not rely on
|
||||
this feature for security.
|
||||
|
||||
When creating a new socket, the owner and group of the socket file
|
||||
are set according to the usual rules.
|
||||
The socket file has all permissions enabled,
|
||||
other than those that are turned off by the process
|
||||
.BR umask (2).
|
||||
|
||||
The owner, group, and permissions of a pathname socket can be changed (using
|
||||
.BR chown (2)
|
||||
and
|
||||
.BR chmod (2)).
|
||||
.\" However, fchown() and fchmod() do not seem to have an effect
|
||||
.\"
|
||||
.SS Socket options
|
||||
For historical reasons, these socket options are specified with a
|
||||
.B SOL_SOCKET
|
||||
|
|
@ -522,34 +551,6 @@ call.
|
|||
|
||||
UNIX domain stream sockets do not support the notion of out-of-band data.
|
||||
.\"
|
||||
.SS Socket ownership and permissions
|
||||
In the Linux implementation,
|
||||
pathname sockets honor the permissions of the directory they are in.
|
||||
Creation of a new socket will fail if the process does not have write and
|
||||
search (execute) permission on the directory in which the socket is created.
|
||||
|
||||
On Linux,
|
||||
connecting to a stream socket object requires write permission on that socket;
|
||||
sending a datagram to a datagram socket likewise
|
||||
requires write permission on that socket.
|
||||
POSIX does not make any statement about the effect of the permissions
|
||||
on a socket file, and on many systems (e.g., several BSD derivatives),
|
||||
the socket permissions are ignored.
|
||||
Portable programs should not rely on
|
||||
this feature for security.
|
||||
|
||||
When creating a new socket, the owner and group of the socket file
|
||||
are set according to the usual rules.
|
||||
The socket file has all permissions enabled,
|
||||
other than those that are turned off by the process
|
||||
.BR umask (2).
|
||||
|
||||
The owner, group, and permissions of a pathname socket can be changed (using
|
||||
.BR chown (2)
|
||||
and
|
||||
.BR chmod (2)).
|
||||
.\" However, fchown() and fchmod() do not seem to have an effect
|
||||
.\"
|
||||
.SH BUGS
|
||||
When binding a socket to an address,
|
||||
Linux is one of the implementations that appends a null terminator
|
||||
|
|
|
|||
Loading…
Reference in New Issue