[zeromq-dev] Setting privileges on a UNIX socket

Michal Vyskocil michal.vyskocil at gmail.com
Thu May 26 21:10:25 CEST 2016


It does not work in libzmq automatically. However, there is a socket
option use_fd which will skip the open_socket/bind/listen part, which
is exactly your use case.

The documentation of systemd part is here

Usage is pretty simple if you're using just one fd:
 * call sd_listen_fds (1)
 * if result is 1, assign use_fd to SD_LISTEN_FDS_START
 * fail otherwise

Here is the example of use_fd

On Thu, May 26, 2016 at 12:34 PM, Ale Strooisma
<a.strooisma at student.utwente.nl> wrote:
> Hit send too quickly:
> There indeed seems to be a umask property available in systemd configuration
> files (my program is initialized by systemd, hence the relevance).
> Slight issue is that the program might also create log files, for example,
> which would most likely require other permissions... but I suppose that is
> insurmountable?
> Kind regards, Ale Strooisma
> On 26 May 2016 at 12:30, Ale Strooisma <a.strooisma at student.utwente.nl>
> wrote:
>> Sorry, I am not familiar with umask. As far as I understand, setting the
>> umask determines what permissions new files created by the user have.
>> However, in this case I need to specifically affect the files created by
>> this specific program. Do you mean there is a way to run a program that
>> determines what permissions a file created by it gets?
>> On 26 May 2016 at 11:01, Arnaud Loonstra <arnaud at sphaero.org> wrote:
>>> I don't think zmq deals with permissions? The OS does. Shouldn't you be
>>> using a umask?
>>> What's your umask set at?
>>> Rg,
>>> Arnaud
>>> On 2016-05-26 10:49, Ale Strooisma wrote:
>>>> I am using libzmq 4.0.5 - the one provided by EPEL for CentOS 7. I
>>>> have never noticed any systemd support in zeromq.
>>>> Yes I am using the chmod function from sys/stat.h with which I change
>>>> the permissions on the socket file from 0755 to 0770. The socket is
>>>> created in the tmp directory which has 1777.
>>>> Just to make it clear: I'd prefer not having to mess around with
>>>> sockets outside ZeroMQ / my program.
>>>> On 26 May 2016 at 10:30, Arnaud Loonstra <arnaud at sphaero.org>
>>>> wrote:
>>>>> I might be misinformed but some of my first thoughts
>>>>> - what version of zeromq? Are you using zeromq's systemd support? I
>>>>> recall we were hacking on this in the hackathon during FOSDEM.
>>>>> Otherwise the socket fd might be unlinked which results in weird
>>>>> behaviour.
>>>>> - Are you using chmod C method or the shell command? Usually you
>>>>> set permissions on the directory where the socket is created
>>>>> Rg,
>>>>> Arnaud
>>>>> On 2016-05-25 17:30, Ale Strooisma wrote:
>>>>>> the previous update might be incorrect. Now it seems that I can't
>>>>>> bind to a socket created by systemd (I got something like "address
>>>>>> already in use"). If I connect to it instead with my server program,
>>>>>> which uses a REP socket, it does receive messages, but can't seem to
>>>>>> reply...
>>>>>> Anyway, all in all it would be highly preferable to be able to set
>>>>>> with which permissions the socket is created. Currently I am working
>>>>>> around this issue by calling chmod after binding to the socket.
>>> _______________________________________________
>>> zeromq-dev mailing list
>>> zeromq-dev at lists.zeromq.org
>>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev

best regards
     Michal Vyskocil
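
Added example (not part of the original message, and not libzmq or systemd code): a dependency-free C version of the three steps listed above, plus a check that the inherited descriptor really is a listening UNIX socket before it is handed to use_fd. The function names are hypothetical; instead of calling libsystemd, the code reads LISTEN_PID and LISTEN_FDS, the environment variables that sd_listen_fds inspects.

```c
/* Added example: stand-in for the sd_listen_fds(1) check, POSIX only. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#define LISTEN_FDS_START 3 /* same value as SD_LISTEN_FDS_START */

/* Hypothetical helper: return the single inherited fd, or -1 unless the
 * environment describes exactly one fd passed to this very process. */
int activation_fd(void)
{
    const char *pid_s = getenv("LISTEN_PID");
    const char *fds_s = getenv("LISTEN_FDS");
    char *end;
    long pid, n;

    if (!pid_s || !fds_s)
        return -1;                 /* not started via socket activation */
    pid = strtol(pid_s, &end, 10);
    if (*end != '\0' || pid != (long)getpid())
        return -1;                 /* variables were meant for another process */
    n = strtol(fds_s, &end, 10);
    if (*end != '\0' || n != 1)
        return -1;                 /* "fail otherwise": only one fd is accepted */
    return LISTEN_FDS_START;
}

/* Hypothetical helper: 1 only if fd is an AF_UNIX stream socket that is
 * already listening, i.e. safe for a library that skips bind/listen. */
int is_listening_unix_socket(int fd)
{
    struct sockaddr_un addr;
    socklen_t len = sizeof addr;
    int val = 0;
    socklen_t vlen = sizeof val;

    if (getsockname(fd, (struct sockaddr *)&addr, &len) != 0)
        return 0;                  /* ENOTSOCK or EBADF: not a socket at all */
    if (addr.sun_family != AF_UNIX)
        return 0;
    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &val, &vlen) != 0 || val != SOCK_STREAM)
        return 0;
    vlen = sizeof val;
    return getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &val, &vlen) == 0 && val != 0;
}

int main(void)
{
    int fd = activation_fd();
    if (fd < 0 || !is_listening_unix_socket(fd)) {
        fprintf(stderr, "no usable inherited socket\n");
        return 1;
    }
    printf("fd %d would be assigned to the use_fd socket option\n", fd);
    return 0;
}
```

With this arrangement the socket file's owner and mode are decided by whoever created the descriptor, so the program itself needs neither a umask change nor a chmod after bind.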
