[zeromq-dev] IPC path permissions

Pieter Hintjens ph at imatix.com
Tue Feb 10 19:39:39 CET 2015


If you are running on Linux I'd strongly advise using abstract IPC
endpoints, which don't need special permissions. "ipc://@/somename".


On Tue, Feb 10, 2015 at 7:07 PM,  <Santosh_Bidaralli at dell.com> wrote:
> Hi All,
>
>
>
> I am trying to create broker based client-server apps by referring to ZMQ
> guide. I am unable to detect IPC path permission error when an invalid user
> tries to connect using zmq_connect().
>
>
>
> Following steps explain the test scenario in detail:
>
> 1.       Create a ZMQ broker that stores its IPC socket in a directory
> “/var/run/ipcs”
>
> a.       ZMQ broker runs with a specific user and group (ex: zuser and
> zgroup respectively)
>
> b.      “/var/run/ipcs” has permissions for all the users that belong to
> “zgroup” (permissions = drwxrws---)
>
> c.       IPC path example “ipc:///var/run/ipcs/broker.ipc” (permissions =
> drwxrws---)
>
>
>
> 2.       Create a service provider that listens to request from broker
>
> a.       Service provider runs as a user “zservice” that belongs to “zgroup”
>
>
>
> 3.       Create a client that connects to ZMQ broker’s IPC path
>ipc:///var/run/ipcs/broker.ipc” and sends the requests
>
> a.       If the client runs with a user that belongs to “zgroup” everything
> works fine
>
> b.      If the client runs with invalid a user such as “nobody” that does
> not belong to “zgroup”, it does not return any error. In turn zmq_connect()
> and zmq_send() returns success and zmq_recv() waits forever (ZMQ_REP
> socket).
>
>
>
> Can you please let me know how do I get an appropriate error such as
> “Permission Denied” in case of an invalid user trying to connect to broker’s
> IPC?
>
>
>
> Thanks,
>
> Santosh Bidaralli
>
>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>



More information about the zeromq-dev mailing list