From 9f213833a4368b41e768e72fd5474092537f2ec3 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Mon, 20 Jun 2016 11:14:27 +0200 Subject: [PATCH] unix.7: Move discussion on pathname socket permissions to DESCRIPTION Signed-off-by: Michael Kerrisk --- man7/unix.7 | 57 +++++++++++++++++++++++++++-------------------------- 1 file changed, 29 insertions(+), 28 deletions(-) diff --git a/man7/unix.7 b/man7/unix.7 index c4f8a8545..f21442745 100644 --- a/man7/unix.7 +++ b/man7/unix.7 @@ -223,6 +223,35 @@ if the output value exceeds the input value, then there is no guarantee that a null terminator is present in .IR sun_path . (See BUGS.) +.\" +.SS Pathname socket ownership and permissions +In the Linux implementation, +pathname sockets honor the permissions of the directory they are in. +Creation of a new socket will fail if the process does not have write and +search (execute) permission on the directory in which the socket is created. + +On Linux, +connecting to a stream socket object requires write permission on that socket; +sending a datagram to a datagram socket likewise +requires write permission on that socket. +POSIX does not make any statement about the effect of the permissions +on a socket file, and on many systems (e.g., several BSD derivatives), +the socket permissions are ignored. +Portable programs should not rely on +this feature for security. + +When creating a new socket, the owner and group of the socket file +are set according to the usual rules. +The socket file has all permissions enabled, +other than those that are turned off by the process +.BR umask (2). + +The owner, group, and permissions of a pathname socket can be changed (using +.BR chown (2) +and +.BR chmod (2)). +.\" However, fchown() and fchmod() do not seem to have an effect +.\" .SS Socket options For historical reasons, these socket options are specified with a .B SOL_SOCKET 
@@ -522,34 +551,6 @@ call. UNIX domain stream sockets do not support the notion of out-of-band data. .\" -.SS Socket ownership and permissions -In the Linux implementation, -pathname sockets honor the permissions of the directory they are in. -Creation of a new socket will fail if the process does not have write and -search (execute) permission on the directory in which the socket is created. - -On Linux, -connecting to a stream socket object requires write permission on that socket; -sending a datagram to a datagram socket likewise -requires write permission on that socket. -POSIX does not make any statement about the effect of the permissions -on a socket file, and on many systems (e.g., several BSD derivatives), -the socket permissions are ignored. -Portable programs should not rely on -this feature for security. - -When creating a new socket, the owner and group of the socket file -are set according to the usual rules. -The socket file has all permissions enabled, -other than those that are turned off by the process -.BR umask (2). - -The owner, group, and permissions of a pathname socket can be changed (using -.BR chown (2) -and -.BR chmod (2)). -.\" However, fchown() and fchmod() do not seem to have an effect -.\" .SH BUGS When binding a socket to an address, Linux is one of the implementations that appends a null terminator
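Review bot: At the end of the first hunk (the new "Pathname socket ownership and permissions" subsection), the remark "However, fchown() and fchmod() do not seem to have an effect" is carried over as a roff comment, so the rendered page says chown(2) and chmod(2) can change the socket's owner and mode but is silent about the descriptor-based calls. This subsection is what readers consult when restricting access to a socket, so either confirm the behaviour and state it in visible text, or drop the comment. A reader who calls fchmod() on the socket descriptor would otherwise have no hint that the permissions might not have changed.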
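Review bot: The heading removed in the second hunk is ".SS Socket ownership and permissions", while the first hunk adds the text back under ".SS Pathname socket ownership and permissions", so the change is a move plus a rename, but the subject line says only "Move". Mention the rename in the commit message, and check that no other text in the page or in related pages refers to the old subsection title.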