[zeromq-dev] IPC path permissions

Santosh_Bidaralli at Dell.com Santosh_Bidaralli at Dell.com
Tue Feb 10 19:07:12 CET 2015


Hi All,

I am trying to create broker based client-server apps by referring to ZMQ guide. I am unable to detect IPC path permission error when an invalid user tries to connect using zmq_connect().

Following steps explain the test scenario in detail:

1.       Create a ZMQ broker that stores its IPC socket in a directory "/var/run/ipcs"

a.       ZMQ broker runs with a specific user and group (ex: zuser and zgroup respectively)

b.      "/var/run/ipcs" has permissions for all the users that belong to "zgroup" (permissions = drwxrws---)

c.       IPC path example "ipc:///var/run/ipcs/broker.ipc" (permissions = drwxrws---)



2.       Create a service provider that listens to request from broker

a.       Service provider runs as a user "zservice" that belongs to "zgroup"



3.       Create a client that connects to ZMQ broker's IPC path "ipc:///var/run/ipcs/broker.ipc" and sends the requests

a.       If the client runs with a user that belongs to "zgroup" everything works fine

b.      If the client runs with invalid a user such as "nobody" that does not belong to "zgroup", it does not return any error. In turn zmq_connect() and zmq_send() returns success and zmq_recv() waits forever (ZMQ_REP socket).

Can you please let me know how do I get an appropriate error such as "Permission Denied" in case of an invalid user trying to connect to broker's IPC?

Thanks,
Santosh Bidaralli
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20150210/4dbe06b5/attachment.htm>


More information about the zeromq-dev mailing list