Unix Socket 文件的权限问题
323 views
Skip to first unread message
源泉星火(张明源)
Jan 6, 2012, 2:52:36 AM1/6/12
to fuji...@googlegroups.com
比如nginx与php-fpm,
在php-fpm中
listen = /dev/shm/bbs.socket
listen.mode = 0222
在nginx中配置如下:
fastcgi_pass unix://dev/shm/bbs.socket;
便可以使用(我用phpfilemanager测试的)
但为什么默认是0666呢?而且我Google了一下,发现大多默认都是0666,比如uwsgi,mysql/pgsql则是0777
0222就可以用,为什么还要0666呢?
在pgsql的文档中,我找到一句话:
only write permission matters and so there is no point in setting or revoking read or execute permissions.)
关于unix socket的权限,请教一下大家
mathslinux
Jan 6, 2012, 5:03:56 AM1/6/12
to fuji...@googlegroups.com
在 man 7 unix 上找到一句话,
In the Linux implementation, sockets which are visible in the file system
honor the permissions of the directory they are in. Their owner, group and
their permissions can be changed. Creation of a new socket will fail if the
process does not have write and search (execute) permission on the directory
the socket is created in. Connecting to the socket object requires
read/write permission. This behavior differs from many BSD-derived systems
which ignore permissions for UNIX domain sockets. Portable programs should
not rely on this feature for security.
Connecting to the socket object requires, read/write permission. 但似乎如果 是 unix domain socket 的话,
最后两个位都是无效的.
我猜想有一些移植性的考虑.
--
linuxer and emacser and pythoner living in xiamen
blog: http://mathslinux.org
twitter: https://twitter.com/mathslinux
google+: https://plus.google.com/118129852578326338750
In the Linux implementation, sockets which are visible in the file system
honor the permissions of the directory they are in. Their owner, group and
their permissions can be changed. Creation of a new socket will fail if the
process does not have write and search (execute) permission on the directory
the socket is created in. Connecting to the socket object requires
read/write permission. This behavior differs from many BSD-derived systems
which ignore permissions for UNIX domain sockets. Portable programs should
not rely on this feature for security.
Connecting to the socket object requires, read/write permission. 但似乎如果 是 unix domain socket 的话,
最后两个位都是无效的.
我猜想有一些移植性的考虑.
--
如要订阅mailing list,请发送邮件至 fujianlug...@googlegroups.com
如要取消订阅,请发送邮件至 fujianlug+...@googlegroups.com
如在订阅后要参与讨论,请发邮件至 fuji...@googlegroups.com
--
linuxer and emacser and pythoner living in xiamen
blog: http://mathslinux.org
twitter: https://twitter.com/mathslinux
google+: https://plus.google.com/118129852578326338750
陈学芹
Jan 6, 2012, 10:38:44 AM1/6/12
to fuji...@googlegroups.com
在 2012年1月6日 下午3:52,源泉星火(张明源) <zhangmin...@gmail.com> 写道:
> 比如nginx与php-fpm,
> 在php-fpm中
> listen = /dev/shm/bbs.socket
> listen.mode = 0222
> 在nginx中配置如下:
> fastcgi_pass unix://dev/shm/bbs.socket;
> 便可以使用(我用phpfilemanager测试的)
>
> 但为什么默认是0666呢?而且我Google了一下,发现大多默认都是0666,比如uwsgi,mysql/pgsql则是0777
>
> 在php-fpm中
> listen = /dev/shm/bbs.socket
> listen.mode = 0222
> 在nginx中配置如下:
> fastcgi_pass unix://dev/shm/bbs.socket;
> 便可以使用(我用phpfilemanager测试的)
>
> 但为什么默认是0666呢?而且我Google了一下,发现大多默认都是0666,比如uwsgi,mysql/pgsql则是0777
>
unix socket是服务器进程创建的,设置为0666即 rw-rw-rw-的模式这很符合逻辑阿,
客户端进程需要打开这个sokcet与服务端通讯,通讯就包括对该文件的读和写,
只有w的权限的话,也是不符合逻辑阿
--
/*
*@author: chen xueqin
*@email: robb...@gmail.com
*@see: http://robbie.bokee.com
*@see: http://groups.google.com/group/fzlug
*@love: freedom,tux,open source
*/
源泉星火(张明源)
Jan 6, 2012, 10:04:08 PM1/6/12
to fuji...@googlegroups.com
嗯,只有写是很不符合逻辑。
难道真是为了移植考虑?
--
如要订阅mailing list,请发送邮件至 fujianlug...@googlegroups.com
如要取消订阅,请发送邮件至 fujianlug+...@googlegroups.com
如在订阅后要参与讨论,请发邮件至 fuji...@googlegroups.com
Reply all
Reply to author
Forward
0 new messages