[zeromq-dev] Setting privileges on a UNIX socket

Ale Strooisma a.strooisma at student.utwente.nl
Thu May 26 10:49:30 CEST 2016


I am using libzmq 4.0.5 - the one provided by EPEL for CentOS 7. I have
never noticed any systemd support in zeromq.

Yes I am using the chmod function from sys/stat.h with which I change the
permissions on the socket file from 0755 to 0770. The socket is created in
the tmp directory which has 1777.

Just to make it clear: I'd prefer not having to mess around with sockets
outside ZeroMQ / my program.

On 26 May 2016 at 10:30, Arnaud Loonstra <arnaud at sphaero.org> wrote:

> I might be misinformed but some of my first thoughts
>
> - what version of zeromq? Are you using zeromq's systemd support? I recall
> we were hacking on this in the hackathon during FOSDEM. Otherwise the
> socket fd might be unlinked which results in weird behaviour.
> - Are you using chmod C method or the shell command? Usually you set
> permissions on the directory where the socket is created
>
> Rg,
>
> Arnaud
> On 2016-05-25 17:30, Ale Strooisma wrote:
>
>> the previous update might be incorrect. Now it seems that I cant bind
>> to a socket created by systemd (I got something like "address already
>> in use"). If I connect to it instead with my server program, which
>> uses a REP socket, it does receive messages, but cant seem to reply...
>>
>> Anyway, all in all it would be highly preferable to be able to set
>> with which permissions the socket is created. Currently I am working
>> around this issue by calling chmod after binding to the socket.
>>
>> On 25 May 2016 at 14:50, Ale Strooisma <a.strooisma at student.utwente.nl
>> [2]> wrote:
>>
>> Okay, a bit of an update: I tried ensuring the socket was available
>>> using systemd, but when the program that binds to the port runs, it
>>> resets the privileges.
>>>
>>> On 25 May 2016 at 12:32, Ale Strooisma
>>> <a.strooisma at student.utwente.nl [1]> wrote:
>>>
>>> Hi all,
>>>>
>>>> For my program, I am using the ipc protocol. The unix socket used
>>>> needs to be accessible to various programs run by different users,
>>>> so I want to set group write privileges. How can I do this? Can I
>>>> set this using ZeroMQ from within the program that binds the
>>>> socket, or do I need to make sure the socket is in place with the
>>>> right privileges before running any of my programs? The latter
>>>> option would be rather unpractical of course.
>>>>
>>>> Kind regards,
>>>> Ale Strooisma
>>>>
>>>
>>
>>
>> Links:
>> ------
>> [1] mailto:a.strooisma at student.utwente.nl
>> [2] mailto:a.strooisma at student.utwente.nl
>>
>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20160526/71394783/attachment.htm>


More information about the zeromq-dev mailing list