[zeromq-dev] Setting privileges on a UNIX socket

Luca Boccassi luca.boccassi at gmail.com
Wed May 25 19:34:33 CEST 2016


Hi Ale,

If you have systemd managing your socket with a socket unit, it will
create and bind it for you, so that's why it's saying it's already in
use.

Are you using the ZMQ_USE_FD API? I added that exactly for
systemd-managed sockets.

If you use CZMQ, you just have to set either the env var
ZSYS_AUTO_USE_FD=1 or the runtime var via the zsys_set_auto_use_fd(1)
function call, and then if the ZMQ endpoint matches a socket managed by
systemd, it will all work out automagically and ZMQ will use the file
descriptor passed by systemd.

If you are using just libzmq, you'll have to get the file descriptor
yourself from the systemd APIs, and then use the ZMQ_USE_FD
zmq_setsockopt call to pass it down after creating a socket and before
binding it.

Note that this is available only on the master branches of libzmq and
czmq, not in any released version yet.

Kind regards,
Luca Boccassi

On Wed, 2016-05-25 at 17:30 +0200, Ale Strooisma wrote:
> the previous update might be incorrect. Now it seems that I can't bind to a
> socket created by systemd (I got something like "address already in use").
> If I connect to it instead with my 'server' program, which uses a REP
> socket, it does receive messages, but can't seem to reply...
> 
> Anyway, all in all it would be highly preferable to be able to set with
> which permissions the socket is created. Currently I am working around this
> issue by calling chmod after binding to the socket.
> 
> On 25 May 2016 at 14:50, Ale Strooisma <a.strooisma at student.utwente.nl>
> wrote:
> 
> > Okay, a bit of an update: I tried ensuring the socket was available using
> > systemd, but when the program that binds to the port runs, it resets the
> > privileges.
> >
> > On 25 May 2016 at 12:32, Ale Strooisma <a.strooisma at student.utwente.nl>
> > wrote:
> >
> >> Hi all,
> >>
> >> For my program, I am using the ipc protocol. The unix socket used needs
> >> to be accessible to various programs run by different users, so I want to
> >> set group write privileges. How can I do this? Can I set this using ZeroMQ
> >> from within the program that binds the socket, or do I need to make sure
> >> the socket is in place with the right privileges before running any of my
> >> programs? The latter option would be rather unpractical of course.
> >>
> >> Kind regards,
> >> Ale Strooisma
> >>
> >
> >
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20160525/f10397a3/attachment.sig>


More information about the zeromq-dev mailing list