mirror of https://github.com/mkerrisk/man-pages
unix.7: Move discussion on pathname socket permissions to DESCRIPTION
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent
b2bbcdb6ac
commit
9f213833a4
57
man7/unix.7
|
@ -223,6 +223,35 @@ if the output value exceeds the input value,
|
||||||
then there is no guarantee that a null terminator is present in
|
then there is no guarantee that a null terminator is present in
|
||||||
.IR sun_path .
|
.IR sun_path .
|
||||||
(See BUGS.)
|
(See BUGS.)
|
||||||
|
.\"
|
||||||
|
.SS Pathname socket ownership and permissions
|
||||||
|
In the Linux implementation,
|
||||||
|
pathname sockets honor the permissions of the directory they are in.
|
||||||
|
Creation of a new socket will fail if the process does not have write and
|
||||||
|
search (execute) permission on the directory in which the socket is created.
|
||||||
|
|
||||||
|
On Linux,
|
||||||
|
connecting to a stream socket object requires write permission on that socket;
|
||||||
|
sending a datagram to a datagram socket likewise
|
||||||
|
requires write permission on that socket.
|
||||||
|
POSIX does not make any statement about the effect of the permissions
|
||||||
|
on a socket file, and on many systems (e.g., several BSD derivatives),
|
||||||
|
the socket permissions are ignored.
|
||||||
|
Portable programs should not rely on
|
||||||
|
this feature for security.
|
||||||
|
|
||||||
|
When creating a new socket, the owner and group of the socket file
|
||||||
|
are set according to the usual rules.
|
||||||
|
The socket file has all permissions enabled,
|
||||||
|
other than those that are turned off by the process
|
||||||
|
.BR umask (2).
|
||||||
|
|
||||||
|
The owner, group, and permissions of a pathname socket can be changed (using
|
||||||
|
.BR chown (2)
|
||||||
|
and
|
||||||
|
.BR chmod (2)).
|
||||||
|
.\" However, fchown() and fchmod() do not seem to have an effect
|
||||||
|
.\"
|
||||||
.SS Socket options
|
.SS Socket options
|
||||||
For historical reasons, these socket options are specified with a
|
For historical reasons, these socket options are specified with a
|
||||||
.B SOL_SOCKET
|
.B SOL_SOCKET
|
||||||
|
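Review bot: In the added "Pathname socket ownership and permissions" subsection, "Portable programs should not rely on this feature for security" leaves "this feature" without a clear antecedent. It follows the sentences about write permission on the socket file, but a reader can also take it to cover the directory permission check in the first paragraph, which is likewise introduced with "In the Linux implementation". Since the text is being touched anyway, consider naming the thing directly, for example "should not rely on socket file permissions for security", and stating whether the directory check is meant to be Linux-specific as well. The trailing comment `.\" However, fchown() and fchmod() do not seem to have an effect` is carried into DESCRIPTION still unresolved; either confirm the behaviour and document it, or mark it as a FIXME so it is not lost.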
@ -522,34 +551,6 @@ call.
|
||||||
|
|
||||||
UNIX domain stream sockets do not support the notion of out-of-band data.
|
UNIX domain stream sockets do not support the notion of out-of-band data.
|
||||||
.\"
|
.\"
|
||||||
.SS Socket ownership and permissions
|
|
||||||
In the Linux implementation,
|
|
||||||
pathname sockets honor the permissions of the directory they are in.
|
|
||||||
Creation of a new socket will fail if the process does not have write and
|
|
||||||
search (execute) permission on the directory in which the socket is created.
|
|
||||||
|
|
||||||
On Linux,
|
|
||||||
connecting to a stream socket object requires write permission on that socket;
|
|
||||||
sending a datagram to a datagram socket likewise
|
|
||||||
requires write permission on that socket.
|
|
||||||
POSIX does not make any statement about the effect of the permissions
|
|
||||||
on a socket file, and on many systems (e.g., several BSD derivatives),
|
|
||||||
the socket permissions are ignored.
|
|
||||||
Portable programs should not rely on
|
|
||||||
this feature for security.
|
|
||||||
|
|
||||||
When creating a new socket, the owner and group of the socket file
|
|
||||||
are set according to the usual rules.
|
|
||||||
The socket file has all permissions enabled,
|
|
||||||
other than those that are turned off by the process
|
|
||||||
.BR umask (2).
|
|
||||||
|
|
||||||
The owner, group, and permissions of a pathname socket can be changed (using
|
|
||||||
.BR chown (2)
|
|
||||||
and
|
|
||||||
.BR chmod (2)).
|
|
||||||
.\" However, fchown() and fchmod() do not seem to have an effect
|
|
||||||
.\"
|
|
||||||
.SH BUGS
|
.SH BUGS
|
||||||
When binding a socket to an address,
|
When binding a socket to an address,
|
||||||
Linux is one of the implementations that appends a null terminator
|
Linux is one of the implementations that appends a null terminator
|
||||||
|
|
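Review bot: The heading removed here is ".SS Socket ownership and permissions", while the copy added in the first hunk is ".SS Pathname socket ownership and permissions", so this is a move plus a rename, and the commit subject mentions only the move. Please note the rename in the commit message, and check whether any other text refers to the subsection by its old title. The body lines removed here otherwise match the added ones; the one-line difference in the hunk counts (29 added, 28 removed) is the extra `.\"` separator placed in front of the new heading.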