I'm running a client/server application on Red Hat Enterprise using ZMQ for message passing. The IPC socket used to associate a client with the server is implemented using a Unix domain socket.

If user A starts the server process, it seems like only clients started by user A can connect to and communicate over that socket. Our project requires that the clients be able to be run by different users, so this is a major sticking point.

The socket is located at /tmp/ipc_assoc with default 755 permissions. chmod 777 does not fix the problem. chown userB allows user B to access the socket, but user A then loses access. Not even root can access the socket. There is no ACL or SELinux in use on the machine.

Is this typical behavior for Unix domain sockets? Has anyone figured out how to work around it?

A: 

Have you tried adding UserA and UserB into a common user group?

Adrian Regan
Everyone seems to be in the same group already.
Dana Leonard
Is it a symbolic link to another file with different permissions?
Adrian Regan
No, if you run `ls -l` on the socket, it prints out "srwxr-xr-x ... ipc_assoc"
Dana Leonard
Well, this seems to show that the socket is only r/w/x for the owner, not the group. When you create the file in the server process, it will use the umask for the process (755); programmatically change either the mask, or chmod the file to 770.
Adrian Regan
A: 

With some assistance from the ZMQ mailing list, I have made a workaround. It's ugly, but seems to work consistently.

I had to make a subdirectory under /tmp and chmod 777 it. The server now creates the socket in that new folder. It also programmatically chmods the socket to 777. Now, as long as the server is run as root, any user can run a client and talk to the server.

I don't know why UNIX domain sockets behave this way, but it sure is annoying.

Dana Leonard
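The following is an added example, not code from either answer or from ZMQ: on Linux, `connect()` to a Unix domain socket needs write permission on the socket file and search permission on its directory, which is why the `srwxr-xr-x` socket in the question only works for its owner. It uses Python's standard `socket` module instead of ZMQ and grants access to one group (the 770-style approach from the first answer) rather than 777; `bind_shared_socket`, `who_can_connect` and the `gid` parameter are hypothetical names.

```python
import os
import socket
import stat
import tempfile


def bind_shared_socket(directory, name="ipc_assoc", gid=None):
    """Bind a Unix socket that the owner and one group can connect to."""
    os.makedirs(directory, exist_ok=True)
    os.chmod(directory, 0o750)            # group needs search (x) on the directory
    path = os.path.join(directory, name)
    try:                                   # clear a stale socket from a previous run
        if stat.S_ISSOCK(os.lstat(path).st_mode):
            os.unlink(path)
    except FileNotFoundError:
        pass
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old = os.umask(0o177)                  # bind() creates the file as 0600
    try:
        srv.bind(path)
    finally:
        os.umask(old)
    if gid is not None:                    # hypothetical shared group for clients
        os.chown(directory, -1, gid)
        os.chown(path, -1, gid)
    os.chmod(path, 0o660)                  # connect() needs write on the socket file
    srv.listen(8)
    return srv, path


def who_can_connect(path):
    """Mode-bit check only: write on the socket plus search on its parent dir."""
    s = os.stat(path).st_mode
    d = os.stat(os.path.dirname(path)).st_mode
    return {
        "owner": bool(s & stat.S_IWUSR and d & stat.S_IXUSR),
        "group": bool(s & stat.S_IWGRP and d & stat.S_IXGRP),
        "other": bool(s & stat.S_IWOTH and d & stat.S_IXOTH),
    }


if __name__ == "__main__":
    base = os.path.join(tempfile.mkdtemp(), "ipc")   # constructed location
    srv, path = bind_shared_socket(base)
    print(oct(stat.S_IMODE(os.stat(path).st_mode)), who_can_connect(path))
    os.chmod(path, 0o755)                  # the mode shown in the question
    print(who_can_connect(path))
    srv.close()
```

Setting the umask before `bind()` means the socket is never briefly connectable by users outside the intended group while the server is starting.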