[zeromq-dev] IPC path permissions
Santosh_Bidaralli at Dell.com
Tue Feb 10 20:31:39 CET 2015
Thanks for the response, Pieter. However, our requirement is to fail when an unauthorized user tries to connect to the broker, so we would like to detect and deny an invalid user trying to connect.
Thanks,
Santosh
-----Original Message-----
From: zeromq-dev-bounces at lists.zeromq.org [mailto:zeromq-dev-bounces at lists.zeromq.org] On Behalf Of Pieter Hintjens
Sent: Tuesday, February 10, 2015 12:40 PM
To: ZeroMQ development list
Subject: Re: [zeromq-dev] IPC path permissions
If you are running on Linux I'd strongly advise using abstract IPC endpoints, which don't need special permissions. "ipc://@/somename".
On Tue, Feb 10, 2015 at 7:07 PM, <Santosh_Bidaralli at dell.com> wrote:
> Hi All,
>
>
>
> I am trying to create broker-based client-server apps by referring to
> the ZMQ guide. I am unable to detect an IPC path permission error when an
> invalid user tries to connect using zmq_connect().
>
>
>
> Following steps explain the test scenario in detail:
>
> 1. Create a ZMQ broker that stores its IPC socket in a directory
> “/var/run/ipcs”
>
> a. ZMQ broker runs with a specific user and group (ex: zuser and
> zgroup respectively)
>
> b. “/var/run/ipcs” has permissions for all the users that belong to
> “zgroup” (permissions = drwxrws---)
>
> c. IPC path example “ipc:///var/run/ipcs/broker.ipc” (permissions =
> drwxrws---)
>
>
>
> 2. Create a service provider that listens to request from broker
>
> a. Service provider runs as a user “zservice” that belongs to “zgroup”
>
>
>
> 3. Create a client that connects to ZMQ broker’s IPC path
> “ipc:///var/run/ipcs/broker.ipc” and sends the requests
>
> a. If the client runs with a user that belongs to “zgroup” everything
> works fine
>
> b. If the client runs with an invalid user such as “nobody” that does
> not belong to “zgroup”, it does not return any error. In turn
> zmq_connect() and zmq_send() return success and zmq_recv() waits
> forever (ZMQ_REP socket).
>
>
>
> Can you please let me know how I can get an appropriate error such as
> “Permission Denied” in case of an invalid user trying to connect to
> the broker’s IPC?
>
>
>
> Thanks,
>
> Santosh Bidaralli
>
>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
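
An added example, not code from this thread or from the ZeroMQ project: because zmq_connect() completes the connection in the background, a client that needs a "Permission denied" result can first probe the socket path itself with a plain AF_UNIX connect(). The helper name ipc_preflight is hypothetical, the endpoint is the one quoted above, and a POSIX system is assumed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper (not part of libzmq): try a plain AF_UNIX connect to the
 * path behind an "ipc://" endpoint. Returns 0 if the kernel accepts the
 * connection, otherwise an errno value such as EACCES or ENOENT. */
int ipc_preflight(const char *endpoint)
{
    static const char scheme[] = "ipc://";
    struct sockaddr_un addr;
    const char *path;
    int fd, err = 0;

    if (strncmp(endpoint, scheme, sizeof scheme - 1) != 0)
        return EINVAL;
    path = endpoint + sizeof scheme - 1;
    /* Abstract endpoints ("ipc://@name") have no file permissions to check. */
    if (path[0] == '\0' || path[0] == '@')
        return EINVAL;
    if (strlen(path) >= sizeof addr.sun_path)
        return ENAMETOOLONG;
    memset(&addr, 0, sizeof addr);
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);

    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;
    if (connect(fd, (struct sockaddr *)&addr, sizeof addr) != 0)
        err = errno;
    close(fd); /* the probe connection is dropped immediately */
    return err;
}

int main(void)
{
    const char *ep = "ipc:///var/run/ipcs/broker.ipc";
    int err = ipc_preflight(ep);
    if (err != 0) {
        fprintf(stderr, "%s: %s\n", ep, strerror(err));
        return 1; /* fail fast instead of blocking in zmq_recv() */
    }
    puts("endpoint reachable; proceed to zmq_connect()");
    return 0;
}
```

The check is advisory only: the directory and socket permissions remain what actually denies access, and the broker sees one short-lived connection that closes before any handshake.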