Bug #1272

closed

Set proper permissions for UNIX socket

Added by Alex Afanasyev about 10 years ago. Updated about 10 years ago.

Status: Closed
Priority: Normal
Category: Faces
Target version:
Start date: 02/18/2014
Due date:
% Done: 100%
Estimated time:

Description

There are two implications. One (acceptable) is that I have to run the daemon as root, as only root on my machine is allowed to create sockets under /var/run (should we move back to /tmp?).

Second (not acceptable) is that I cannot write to NFD's socket as a normal user:

[cawka@cawka-mac ndn-cpp (master)]$ NFD=1 ./build/examples/producer
ERROR: error while connecting to the forwarder (Permission denied)

Basically we didn't set ga+w permission:

[cawka@cawka-mac ~]$ ls -al /var/run/ | grep nfd.sock
srwxr-xr-x   1 root  daemon     0 Feb 18 19:25 nfd.sock

Small note about boost::filesystem. Unfortunately, the API to set permissions is available only since 1.49, so we can't use it :(

Actions #1

Updated by Junxiao Shi about 10 years ago

The default UNIX stream listener should remain /var/run/nfd.sock, because NFD is supposed to be started with root privilege. There is a configuration option that allows the operator to set a different listener path.

umask(2) allows setting file permissions before creating the file. It should also apply to sockets. See ccnd create_local_listener.

Actions #2

Updated by Davide Pesavento about 10 years ago

/var/run is the proper place for unix sockets: http://www.pathname.com/fhs/pub/fhs-2.3.html#VARRUNRUNTIMEVARIABLEDATA

Actions #3

Updated by Davide Pesavento about 10 years ago

  • Status changed from New to Code review
  • % Done changed from 0 to 100

Actions #4

Updated by Davide Pesavento about 10 years ago

The umask needs to be restored to the previous value after binding the socket, but if bind() throws, the umask will never be restored. Therefore I chose to use chmod() for simplicity, rather than catching and rethrowing the exception.

Actions #5

Updated by Davide Pesavento about 10 years ago

  • Status changed from Code review to Closed
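
The two approaches discussed in this thread, umask(2) around bind() and chmod() after bind(), as an added example that is not NFD's code and not part of the original thread. The function names, the RAII guard and the use of plain POSIX socket calls instead of Boost.Asio are assumptions made for illustration.

```cpp
#include <cstring>
#include <stdexcept>
#include <string>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>
// Restores the previous umask on scope exit, including when bind fails by throwing.
class UmaskGuard {
  mode_t m_old;
public:
  explicit UmaskGuard(mode_t mask) : m_old(::umask(mask)) {}
  ~UmaskGuard() { ::umask(m_old); }
};

// Create a UNIX stream socket bound to `path`; throws on failure.
int bindUnixSocket(const std::string& path) {
  sockaddr_un addr{};
  addr.sun_family = AF_UNIX;
  if (path.size() >= sizeof(addr.sun_path)) throw std::runtime_error("path too long");
  std::memcpy(addr.sun_path, path.c_str(), path.size() + 1);
  int fd = ::socket(AF_UNIX, SOCK_STREAM, 0);
  if (fd < 0) throw std::runtime_error("socket() failed");
  ::unlink(path.c_str());  // remove a stale socket left by a previous run
  if (::bind(fd, reinterpret_cast<sockaddr*>(&addr), sizeof(addr)) < 0) {
    ::close(fd);
    throw std::runtime_error("bind() failed");
  }
  return fd;
}

// Variant 1 (umask): file is created as 0777 & ~mask (Linux); umask is process-wide.
int bindWithUmask(const std::string& path, mode_t mask) {
  UmaskGuard guard(mask);
  return bindUnixSocket(path);
}

// Variant 2 (chmod): bind under the current umask, then set the mode explicitly.
int bindWithChmod(const std::string& path, mode_t mode) {
  int fd = bindUnixSocket(path);
  if (::chmod(path.c_str(), mode) < 0) { ::close(fd); throw std::runtime_error("chmod() failed"); }
  return fd;
}

// Permission bits of the socket file, as `ls -l` shows them; (mode_t)-1 on error.
mode_t socketMode(const std::string& path) {
  struct stat st{};
  return ::stat(path.c_str(), &st) == 0 ? (st.st_mode & 0777) : static_cast<mode_t>(-1);
}
```

With chmod() the socket exists briefly with the umask-derived mode before it is widened, which fails closed when permissions are being loosened as in this bug. When a socket must be tighter than the umask allows, the umask variant avoids that window.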