[zeromq-dev] Setting privileges on a UNIX socket

Ale Strooisma a.strooisma at student.utwente.nl
Fri May 27 11:30:20 CEST 2016


I got it working the way I wanted by setting the umask through systemd.

Thanks for the help!

On 26 May 2016 at 21:10, Michal Vyskocil <michal.vyskocil at gmail.com> wrote:

> Hi,
>
> it does not work in libzmq automatically. However there is a socket
> option use_fd which will skip the open_socket/bind/listen part, which
> is exactly your use case.
>
> The documentation of systemd part is here
> http://0pointer.de/blog/projects/socket-activation.html
>
> usage is pretty simple if you're using just one fd
>  * call sd_listen_fds (1)
>  * if result is 1, assign use_fd to SD_LISTEN_FDS_START
>  * fail otherwise
>
> Here is the example of use_fd
> https://github.com/zeromq/libzmq/blob/master/tests/test_setsockopt.cpp#L86
>
> On Thu, May 26, 2016 at 12:34 PM, Ale Strooisma
> <a.strooisma at student.utwente.nl> wrote:
> > Hit send too quickly:
> >
> > There indeed seems to be a umask property available in systemd configuration
> > files (my program is initialized by systemd, hence the relevance).
> > Slight issue is that the program might also create log files, for example,
> > which would most likely require other permissions... but I suppose that is
> > insurmountable?
> >
> > Kind regards, Ale Strooisma
> >
> > On 26 May 2016 at 12:30, Ale Strooisma <a.strooisma at student.utwente.nl>
> > wrote:
> >>
> >> Sorry, I am not familiar with umask. As far as I understand, setting the
> >> umask determines what permissions new files created by the user have.
> >> However, in this case I need to specifically affect the files created by
> >> this specific program. Do you mean there is a way to run a program that
> >> determines what permissions a file created by it gets?
> >>
> >> On 26 May 2016 at 11:01, Arnaud Loonstra <arnaud at sphaero.org> wrote:
> >>>
> >>> I don't think zmq deals with permissions? The OS does. Shouldn't you be
> >>> using a umask?
> >>> What's your umask set at?
> >>>
> >>> Rg,
> >>>
> >>> Arnaud
> >>>
> >>> On 2016-05-26 10:49, Ale Strooisma wrote:
> >>>>
> >>>> I am using libzmq 4.0.5 - the one provided by EPEL for CentOS 7. I
> >>>> have never noticed any systemd support in zeromq.
> >>>>
> >>>> Yes I am using the chmod function from sys/stat.h with which I change
> >>>> the permissions on the socket file from 0755 to 0770. The socket is
> >>>> created in the tmp directory which has 1777.
> >>>>
> >>>> Just to make it clear: I'd prefer not having to mess around with
> >>>> sockets outside ZeroMQ / my program.
> >>>>
> >>>> On 26 May 2016 at 10:30, Arnaud Loonstra <arnaud at sphaero.org>
> >>>> wrote:
> >>>>
> >>>>> I might be misinformed but some of my first thoughts
> >>>>>
> >>>>> - what version of zeromq? Are you using zeromq's systemd support? I
> >>>>> recall we were hacking on this in the hackathon during FOSDEM.
> >>>>> Otherwise the socket fd might be unlinked which results in weird
> >>>>> behaviour.
> >>>>> - Are you using chmod C method or the shell command? Usually you
> >>>>> set permissions on the directory where the socket is created
> >>>>>
> >>>>> Rg,
> >>>>>
> >>>>> Arnaud
> >>>>> On 2016-05-25 17:30, Ale Strooisma wrote:
> >>>>>
> >>>>>> the previous update might be incorrect. Now it seems that I can't
> >>>>>> bind to a socket created by systemd (I got something like "address
> >>>>>> already in use"). If I connect to it instead with my server program,
> >>>>>> which uses a REP socket, it does receive messages, but can't seem to
> >>>>>> reply...
> >>>>>>
> >>>>>> Anyway, all in all it would be highly preferable to be able to set
> >>>>>> with which permissions the socket is created. Currently I am working
> >>>>>> around this issue by calling chmod after binding to the socket.
> >>>>>>
> >>>
> >>>
> >>> _______________________________________________
> >>> zeromq-dev mailing list
> >>> zeromq-dev at lists.zeromq.org
> >>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
> >>
> >>
> >
> >
>
>
>
> --
> best regards
>      Michal Vyskocil
>