[zeromq-dev] Setting privileges on a UNIX socket

Ale Strooisma a.strooisma at student.utwente.nl
Thu May 26 09:13:36 CEST 2016


I only have the EPEL7 version of libzmq available, so those options won't
work for me, sadly.
Also I'd rather not use systemd to create the socket, but leave it to
ZeroMQ (in my program).

It seems like there is no way to set the permissions on a unix socket - is
this correct?
Would it make sense to add this as a zmq_setsockopt option called
ZMQ_IPC_UMASK, or something like that?

Kind regards,
Ale Strooisma

On 25 May 2016 at 19:34, Luca Boccassi <luca.boccassi at gmail.com> wrote:

> Hi Ale,
>
> If you have systemd managing your socket with a socket unit, it will
> create and bind it for you, so that's why it's saying it's already in
> use.
>
> Are you using the ZMQ_USE_FD API? I added that exactly for
> systemd-managed sockets.
>
> If you use CZMQ, you just have to set either the env var
> ZSYS_AUTO_USE_FD=1 or the runtime var via the zsys_set_auto_use_fd(1)
> function call, and then if the ZMQ endpoint matches a socket managed by
> systemd, it will all work out automagically and ZMQ will use the file
> descriptor passed by systemd.
>
> If you are using just libzmq, you'll have to get the file descriptor
> yourself from the systemd APIs, and then use the ZMQ_USE_FD
> zmq_setsockopt call to pass it down after creating a socket and before
> binding it.
>
> Note that this is available only on the master branches of libzmq and
> czmq, not in any released version yet.
>
> Kind regards,
> Luca Boccassi
>
> On Wed, 2016-05-25 at 17:30 +0200, Ale Strooisma wrote:
> > The previous update might be incorrect. Now it seems that I can't bind
> > to a socket created by systemd (I got something like "address already
> > in use").
> > If I connect to it instead with my 'server' program, which uses a REP
> > socket, it does receive messages, but can't seem to reply...
> >
> > Anyway, all in all it would be highly preferable to be able to set with
> > which permissions the socket is created. Currently I am working around
> > this issue by calling chmod after binding to the socket.
> >
> > On 25 May 2016 at 14:50, Ale Strooisma <a.strooisma at student.utwente.nl>
> > wrote:
> >
> > > Okay, a bit of an update: I tried ensuring the socket was available
> > > using systemd, but when the program that binds to the port runs, it
> > > resets the privileges.
> > >
> > > On 25 May 2016 at 12:32, Ale Strooisma <a.strooisma at student.utwente.nl>
> > > wrote:
> > >
> > >> Hi all,
> > >>
> > >> For my program, I am using the ipc protocol. The unix socket used
> > >> needs to be accessible to various programs run by different users, so
> > >> I want to set group write privileges. How can I do this? Can I set
> > >> this using ZeroMQ from within the program that binds the socket, or do
> > >> I need to make sure the socket is in place with the right privileges
> > >> before running any of my programs? The latter option would be rather
> > >> unpractical of course.
> > >>
> > >> Kind regards,
> > >> Ale Strooisma
> > >>
> > >
> > >
> > _______________________________________________
> > zeromq-dev mailing list
> > zeromq-dev at lists.zeromq.org
> > http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>