fs.fchmod on a socket


Tim Kuijsten

Nov 17, 2014, 9:25:56 AM
to nod...@googlegroups.com
I'd like to make a UNIX domain socket world writable after I've
chrooted. But I have two problems.

Using fs.open on a socket throws errno: -1, code: 'UNKNOWN'.

I've also tried to get a handle using net.connect:

var socket = net.connect(path);
var fd = socket._handle.fd;
fs.fchmod(fd, '666', ..

but this gives [Error: EINVAL, fchmod] errno: 18, code: 'EINVAL'

How can I get a file descriptor to a socket so that I can use fs.fchmod?

-Tim

Aredridel

Nov 17, 2014, 9:34:22 AM
to Tim Kuijsten, nod...@googlegroups.com
Permissions on Unix domain sockets are ignored, but set initially in the metadata by the process umask.

Aria


James Nylen

Nov 17, 2014, 11:51:59 AM
to nod...@googlegroups.com
Aria, according to man 7 unix [1], what you wrote only applies for BSD-derived systems, and on Linux, socket permissions are honored as expected.

This is consistent with my own experience - I have a program (not using Node.js) that starts a socket then runs the chmod and chown commands on it, and they do have the desired effect.

As far as why you can't do this on Node.js... I'm not sure, there doesn't appear to be any special handling for sockets in the coreutils code.


Tim Kuijsten

Nov 17, 2014, 11:53:21 AM
to Aredridel, nod...@googlegroups.com


Aredridel wrote on 17-11-14 at 17:44:
> Correct: even mode 000, a socket can be connected to.

This is not my experience, like I said, when I don't use a process umask
of 000 (i.e. 022) I get an EACCES error when trying to write to the
socket with another user (since the socket is 755 and thus not world
writable).

-Tim


Tim Kuijsten

Nov 17, 2014, 11:54:03 AM
to Aredridel, nod...@googlegroups.com
I'm using umask 000 to make it world writable on creation, but AFAIK
this creates a race condition, I only want the process to be listening
on a world-writable socket after it's chrooted.

When I don't use a process umask of 000 I get an EACCES error when
trying to write to the socket with another user (since it's 755).

I just read in chmod(2) "[EINVAL] fd refers to a socket, not to a
file.". So with ignored you mean you can't chmod a socket after
creation, and not that permissions are ignored when accessing the socket?

Is it possible to create a world writable socket and start listening
after I've chrooted to /var/empty?

-Tim

ps. I've read on SO socket permissions on unix are ignored, but I can
confirm this is not the case on OS X, and unix(4) on OpenBSD states
"Normal filesystem access-control mechanisms are also applied when
referencing pathnames; e.g., the destination of a connect(2) or
sendto(2) must be writable."

Aredridel wrote on 17-11-14 at 15:28:
> Permissions on Unix domain sockets are ignored, but set initially in the metadata by the process umask.
>
> Aria
>
> On Nov 17, 2014 8:24 AM, Tim Kuijsten <in...@netsend.nl> wrote:
>>

Sam Roberts

Nov 17, 2014, 4:51:36 PM
to nod...@googlegroups.com
On Mon, Nov 17, 2014 at 5:24 AM, Tim Kuijsten <in...@netsend.nl> wrote:
> I'd like to make a UNIX domain socket world writable after I've chrooted.
> But I have two problems.
>
> Using fs.open on a socket throws errno: -1, code: 'UNKNOWN'.
>
> I've also tried to get a handle using net.connect:
>
> var socket = net.connect(path);
> var fd = socket._handle.fd;
> fs.fchmod(fd, '666', ..
...

You can't do the things you tried at the system level, it's not a node
limitation.

To create a unix domain socket and set its mode atomically, you need
to set your umask
(http://nodejs.org/api/process.html#process_process_umask_mask).

To change the mode after creation, use fs.chmod()
(http://nodejs.org/api/fs.html#fs_fs_chmod_path_mode_callback).