UNIX Socket permissions (Linux)

Question

I am using UNIX sockets in C to develop a server. From the manual:

In the Linux implementation, sockets which are visible in the filesystem honor the per‐ missions of the directory they are in. Their owner, group and their permissions can be changed. Creation of a new socket will fail if the process does not have write and search (execute) permission on the directory the socket is created in. Connecting to the socket object requires read/write permission. This behavior differs from many BSD- derived systems which ignore permissions for UNIX domain sockets. Portable programs should not rely on this feature for security.

I have a path that is world writeable.

    $ ls -ld api
    drwxrwxrwx 2 root www-data 4096 Feb 15 21:57 api

A process under root creates a socket in this path:

    $  ls -l api/socket
    srwxr-xr-x 1 root root 0 Feb 15 21:57 api/socket

Another process that is running as a user cannot connect to the socket due to permissions issues. If I manually change socket permissions to be writeable by everyone, then other processes can successfully connect.

Why parent permissions are not enough to make the socket writeable as the doc says?
What is the best practice in that case?

score 10 · Accepted Answer · edited Jul 23 '18 at 01:50

10

1. Why parent permissions are not enough to make the socket writeable as the doc says?

The doc says

Connecting to the socket object requires read/write permission.

Parent permissions are only relevant for new socket creation, and that is all the doc says about it:

Creation of a new socket will fail if the process does not have write and search (execute) permission on the directory the socket is created in.

You are free to make your socket writeable:

Their owner, group and their permissions can be changed.

2. What is the best practice in that case?

Create a socket, and make it user's (man 2 chown). Or create a socket, and make it writeable (man 2 chmod).

edited Jul 23 '18 at 01:50

hashlash

897
8
19

answered Feb 16 '16 at 06:20

Amadan

191,408
23
240
301

Note that security wise, you do not want the wrong users to have access to your socket before you have a chance to do the `chown`/`chmod`. On Linux you can avoid a `fork()` by [using the `fchmod()` on the socket before the `bind()`](https://stackoverflow.com/questions/11781134/change-linux-socket-file-permissions/74329441#74329441). – Alexis Wilke Nov 05 '22 at 16:43

score 6 · Answer 2 · answered Mar 22 '17 at 15:06

6

Unix sockets are affected by the umask of your process which, by default, will likely be 0022 (its actually an inherited property from the parent process, by default). This seems to be reflected in your api/socket.

If you want your socket world-writeable, the easiest way would be for you app to call this before your socket is created and bound:

umask(0);

answered Mar 22 '17 at 15:06

RickTx9

69
1
1

One problem with `umask()` is that it's not multi-thread safe. So you could be affecting other file creation and you may not want to use 0 for their `umask`... [See one solution to do it safely on Linux](https://stackoverflow.com/questions/11781134/change-linux-socket-file-permissions/74329441#74329441). – Alexis Wilke Nov 05 '22 at 16:41

UNIX Socket permissions (Linux)

2 Answers2

Linked