[zeromq-dev] Setting privileges on a UNIX socket
Michal Vyskocil
michal.vyskocil at gmail.com
Thu May 26 21:10:25 CEST 2016
Hi,
it does not work in libzmq automatically. However, there is a socket
option use_fd which will skip the open_socket/bind/listen part, which
is exactly your use case.
The documentation of systemd part is here
http://0pointer.de/blog/projects/socket-activation.html
usage is pretty simple if you're using just one fd
* call sd_listen_fds (1)
* if result is 1, assign use_fd to SD_LISTEN_FDS_START
* fail otherwise
Here is the example of use_fd
https://github.com/zeromq/libzmq/blob/master/tests/test_setsockopt.cpp#L86
On Thu, May 26, 2016 at 12:34 PM, Ale Strooisma
<a.strooisma at student.utwente.nl> wrote:
> Hit send too quickly:
>
> There indeed seems to be a umask property available in systemd configuration
> files (my program is initialized by systemd, hence the relevance).
> Slight issue is that the program might also create log files, for example,
> which would most likely require other permissions... but I suppose that is
> insurmountable?
>
> Kind regards, Ale Strooisma
>
> On 26 May 2016 at 12:30, Ale Strooisma <a.strooisma at student.utwente.nl>
> wrote:
>>
>> Sorry, I am not familiar with umask. As far as I understand, setting the
>> umask determines what permissions new files created by the user have.
>> However, in this case I need to specifically affect the files created by
>> this specific program. Do you mean there is a way to run a program that
>> determines what permissions a file created by it gets?
>>
>> On 26 May 2016 at 11:01, Arnaud Loonstra <arnaud at sphaero.org> wrote:
>>>
>>> I don't think zmq deals with permissions? The OS does. Shouldn't you be
>>> using a umask?
>>> What's your umask set at?
>>>
>>> Rg,
>>>
>>> Arnaud
>>>
>>> On 2016-05-26 10:49, Ale Strooisma wrote:
>>>>
>>>> I am using libzmq 4.0.5 - the one provided by EPEL for CentOS 7. I
>>>> have never noticed any systemd support in zeromq.
>>>>
>>>> Yes I am using the chmod function from sys/stat.h with which I change
>>>> the permissions on the socket file from 0755 to 0770. The socket is
>>>> created in the tmp directory which has 1777.
>>>>
>>>> Just to make it clear: I'd prefer not having to mess around with
>>>> sockets outside ZeroMQ / my program.
>>>>
>>>> On 26 May 2016 at 10:30, Arnaud Loonstra <arnaud at sphaero.org>
>>>> wrote:
>>>>
>>>>> I might be misinformed but some of my first thoughts
>>>>>
>>>>> - what version of zeromq? Are you using zeromq's systemd support? I
>>>>> recall we were hacking on this in the hackathon during FOSDEM.
>>>>> Otherwise the socket fd might be unlinked which results in weird
>>>>> behaviour.
>>>>> - Are you using chmod C method or the shell command? Usually you
>>>>> set permissions on the directory where the socket is created
>>>>>
>>>>> Rg,
>>>>>
>>>>> Arnaud
>>>>> On 2016-05-25 17:30, Ale Strooisma wrote:
>>>>>
>>>>>> the previous update might be incorrect. Now it seems that I can't bind
>>>>>> to a socket created by systemd (I got something like "address already
>>>>>> in use"). If I connect to it instead with my server program, which
>>>>>> uses a REP socket, it does receive messages, but can't seem to reply...
>>>>>>
>>>>>> Anyway, all in all it would be highly preferable to be able to set
>>>>>> with which permissions the socket is created. Currently I am working
>>>>>> around this issue by calling chmod after binding to the socket.
>>>>>>
>>>
>>>
>>> _______________________________________________
>>> zeromq-dev mailing list
>>> zeromq-dev at lists.zeromq.org
>>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>>
>>
--
best regards
Michal Vyskocil
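
The three steps listed in the reply at the top (one inherited fd, use SD_LISTEN_FDS_START, fail otherwise), as an added example that is not part of the original post or of libzmq. It assumes Linux, re-implements the sd_listen_fds(1) environment check without libsystemd so it builds stand-alone, and additionally verifies that fd 3 really is a listening UNIX-domain socket before it would be given to use_fd; the function name `inherited_listen_fd` is hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#define SD_LISTEN_FDS_START 3 /* first fd systemd passes, as in sd-daemon.h */

/* Returns the single inherited listening AF_UNIX fd, or -1 if anything is off. */
int inherited_listen_fd(void)
{
    const char *pid_s = getenv("LISTEN_PID");
    const char *fds_s = getenv("LISTEN_FDS");
    long pid = pid_s ? strtol(pid_s, NULL, 10) : -1;
    long nfds = fds_s ? strtol(fds_s, NULL, 10) : 0;

    /* Like sd_listen_fds(1): clear the variables so children do not reuse them. */
    unsetenv("LISTEN_PID");
    unsetenv("LISTEN_FDS");

    if (pid != (long)getpid() || nfds != 1)
        return -1; /* fds meant for another process, or not exactly one fd */

    struct sockaddr_un addr;
    socklen_t len = sizeof addr;
    if (getsockname(SD_LISTEN_FDS_START, (struct sockaddr *)&addr, &len) != 0
        || addr.sun_family != AF_UNIX)
        return -1; /* not a socket, or not a UNIX-domain one */

    int listening = 0;
    len = sizeof listening;
    if (getsockopt(SD_LISTEN_FDS_START, SOL_SOCKET, SO_ACCEPTCONN, &listening, &len) != 0
        || !listening)
        return -1; /* systemd should already have called listen() */
    return SD_LISTEN_FDS_START;
}

int main(void)
{
    int fd = inherited_listen_fd();
    if (fd < 0) {
        fprintf(stderr, "not socket-activated with exactly one UNIX listener\n");
        return 1;
    }
    /* Next step with libzmq: zmq_setsockopt(sock, ZMQ_USE_FD, &fd, sizeof fd), then zmq_bind(). */
    printf("would hand fd %d to use_fd\n", fd);
    return 0;
}
```

With socket activation the socket file's owner and mode come from the systemd .socket unit (SocketMode=, SocketUser=, SocketGroup=), so the program does not need to chmod after binding.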