FAQ
I'd like to make a UNIX domain socket world writable after I've
chrooted. But I have two problems.

Using fs.open on a socket throws errno: -1, code: 'UNKNOWN'.

I've also tried to get a handle using net.connect:

var socket = net.connect(path);
var fd = socket._handle.fd;
fs.fchmod(fd, '666', ..

but this gives [Error: EINVAL, fchmod] errno: 18, code: 'EINVAL'

How can I get a file descriptor to a socket so that I can use fd.fchmod?

-Tim

--
Job board: http://jobs.nodejs.org/
New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md
Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
---
You received this message because you are subscribed to the Google Groups "nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscribe@googlegroups.com.
To post to this group, send email to nodejs@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/5469F718.9090202%40netsend.nl.
For more options, visit https://groups.google.com/d/optout.

Search Discussions

  • Aredridel at Nov 17, 2014 at 2:34 pm
    Permissions on Unix domain sockets are ignored, but set initially in the metadata by the process umask.

    Aria
    On Nov 17, 2014 8:24 AM, Tim Kuijsten wrote:

    I'd like to make a UNIX domain socket world writable after I've
    chrooted. But I have two problems.

    Using fs.open on a socket throws errno: -1, code: 'UNKNOWN'.

    I've also tried to get a handle using net.connect:

    var socket = net.connect(path);
    var fd = socket._handle.fd;
    fs.fchmod(fd, '666', ..

    but this gives [Error: EINVAL, fchmod] errno: 18, code: 'EINVAL'

    How can I get a file descriptor to a socket so that I can use fd.fchmod?

    -Tim

    --
    Job board: http://jobs.nodejs.org/
    New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md
    Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    ---
    You received this message because you are subscribed to the Google Groups "nodejs" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscribe@googlegroups.com.
    To post to this group, send email to nodejs@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/5469F718.9090202%40netsend.nl.
    For more options, visit https://groups.google.com/d/optout.
    --
    Job board: http://jobs.nodejs.org/
    New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md
    Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    ---
    You received this message because you are subscribed to the Google Groups "nodejs" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscribe@googlegroups.com.
    To post to this group, send email to nodejs@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/546a06c6.c371e50a.6654.7fd7SMTPIN_ADDED_BROKEN%40gmr-mx.google.com.
    For more options, visit https://groups.google.com/d/optout.
  • James Nylen at Nov 17, 2014 at 4:51 pm
    Aria, according to man 7 unix [1], what you wrote only applies for
    BSD-derived systems, and on Linux, socket permissions are honored as
    expected.

    This is consistent with my own experience - I have a program (not using
    Node.js) that starts a socket then runs the chmod and chown commands on it,
    and they do have the desired effect.

    as far as why you can't do this on Node.js... I'm not sure, there doesn't
    appear to be any special handling for sockets in the coreutils code.

    [1]: http://man7.org/linux/man-pages/man7/unix.7.html#NOTES
    On Mon, Nov 17, 2014 at 8:28 AM, Aredridel wrote:

    Permissions on Unix domain sockets are ignored, but set initially in the
    metadata by the process umask.

    Aria
    On Nov 17, 2014 8:24 AM, Tim Kuijsten wrote:

    I'd like to make a UNIX domain socket world writable after I've
    chrooted. But I have two problems.

    Using fs.open on a socket throws errno: -1, code: 'UNKNOWN'.

    I've also tried to get a handle using net.connect:

    var socket = net.connect(path);
    var fd = socket._handle.fd;
    fs.fchmod(fd, '666', ..

    but this gives [Error: EINVAL, fchmod] errno: 18, code: 'EINVAL'

    How can I get a file descriptor to a socket so that I can use fd.fchmod?

    -Tim

    --
    Job board: http://jobs.nodejs.org/
    New group rules:
    https://gist.github.com/othiym23/9886289#file-moderation-policy-md
    Old group rules:
    https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    ---
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To unsubscribe from this group and stop receiving emails from it, send
    an email to nodejs+unsubscribe@googlegroups.com.
    To post to this group, send email to nodejs@googlegroups.com.
    To view this discussion on the web visit
    https://groups.google.com/d/msgid/nodejs/5469F718.9090202%40netsend.nl.
    For more options, visit https://groups.google.com/d/optout.
    --
    Job board: http://jobs.nodejs.org/
    New group rules:
    https://gist.github.com/othiym23/9886289#file-moderation-policy-md
    Old group rules:
    https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    ---
    You received this message because you are subscribed to the Google Groups
    "nodejs" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to nodejs+unsubscribe@googlegroups.com.
    To post to this group, send email to nodejs@googlegroups.com.
    To view this discussion on the web visit
    https://groups.google.com/d/msgid/nodejs/546a06c6.c371e50a.6654.7fd7SMTPIN_ADDED_BROKEN%40gmr-mx.google.com
    .
    For more options, visit https://groups.google.com/d/optout.
    --
    Job board: http://jobs.nodejs.org/
    New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md
    Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    ---
    You received this message because you are subscribed to the Google Groups "nodejs" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscribe@googlegroups.com.
    To post to this group, send email to nodejs@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/CABVa4Nis4EMV5-4hnVq98o3ru8zSDmP0UWsLJ2LVSELXzYdQaQ%40mail.gmail.com.
    For more options, visit https://groups.google.com/d/optout.
  • Tim Kuijsten at Nov 17, 2014 at 4:53 pm
    I'm using umask 000 to make it world writable on creation, but AFAIK
    this creates a race condition, I only want the process to be listening
    on a world-writable socket after it's chrooted.

    When I don't use a process umask of 000 I get an EACCES error when
    trying to write to the socket with another user (since it's 755).

    I just read in chmod(2) "[EINVAL] fd refers to a socket, not to a
    file.". So with ignored you mean you can't chmod a socket after
    creation, and not that permissions are ignored when accessing the socket?

    Is it possible to create a world writable socket and start listening
    after I've chrooted to /var/empty?

    -Tim

    ps. I've read on SO socket permissions on unix are ignored, but I can
    confirm this is not the case on OS X, and unix(4) on OpenBSD states
    "Normal filesystem access-control mechanisms are also applied when
    referencing pathnames; e.g., the destination of a connect(2) or
    sendto(2) must be writable."

    Aredridel schreef op 17-11-14 om 15:28:
    Permissions on Unix domain sockets are ignored, but set initially in the metadata by the process umask.

    Aria
    On Nov 17, 2014 8:24 AM, Tim Kuijsten wrote:

    I'd like to make a UNIX domain socket world writable after I've
    chrooted. But I have two problems.

    Using fs.open on a socket throws errno: -1, code: 'UNKNOWN'.

    I've also tried to get a handle using net.connect:

    var socket = net.connect(path);
    var fd = socket._handle.fd;
    fs.fchmod(fd, '666', ..

    but this gives [Error: EINVAL, fchmod] errno: 18, code: 'EINVAL'

    How can I get a file descriptor to a socket so that I can use fd.fchmod?

    -Tim

    --
    Job board: http://jobs.nodejs.org/
    New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md
    Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    ---
    You received this message because you are subscribed to the Google Groups "nodejs" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscribe@googlegroups.com.
    To post to this group, send email to nodejs@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/5469F718.9090202%40netsend.nl.
    For more options, visit https://groups.google.com/d/optout.
    --
    Job board: http://jobs.nodejs.org/
    New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md
    Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    ---
    You received this message because you are subscribed to the Google Groups "nodejs" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscribe@googlegroups.com.
    To post to this group, send email to nodejs@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/546A1275.4050106%40netsend.nl.
    For more options, visit https://groups.google.com/d/optout.
  • Tim Kuijsten at Nov 17, 2014 at 4:52 pm

    Aredridel schreef op 17-11-14 om 17:44:
    Correct: even mode 000, a socket can be connected to.
    This is not my experience, like I said, when I don't use a process umask
    of 000 (i.e. 022) I get an EACCES error when trying to write to the
    socket with another user (since the socket is 755 and thus not world
    writable).

    -Tim
    On Nov 17, 2014 10:21 AM, Tim Kuijsten wrote:

    I'm using umask 000 to make it world writable on creation, but AFAIK
    this creates a race condition, I only want the process to be listening
    on a world-writable socket after it's chrooted.

    When I don't use a process umask of 000 I get an EACCES error when
    trying to write to the socket with another user (since it's 755).

    I just read in chmod(2) "[EINVAL] fd refers to a socket, not to a
    file.". So with ignored you mean you can't chmod a socket after
    creation, and not that permissions are ignored when accessing the socket?

    Is it possible to create a world writable socket and start listening
    after I've chrooted to /var/empty?

    -Tim

    ps. I've read on SO socket permissions on unix are ignored, but I can
    confirm this is not the case on OS X, and unix(4) on OpenBSD states
    "Normal filesystem access-control mechanisms are also applied when
    referencing pathnames; e.g., the destination of a connect(2) or
    sendto(2) must be writable."

    Aredridel schreef op 17-11-14 om 15:28:
    Permissions on Unix domain sockets are ignored, but set initially in the metadata by the process umask.

    Aria
    On Nov 17, 2014 8:24 AM, Tim Kuijsten wrote:

    I'd like to make a UNIX domain socket world writable after I've
    chrooted. But I have two problems.

    Using fs.open on a socket throws errno: -1, code: 'UNKNOWN'.

    I've also tried to get a handle using net.connect:

    var socket = net.connect(path);
    var fd = socket._handle.fd;
    fs.fchmod(fd, '666', ..

    but this gives [Error: EINVAL, fchmod] errno: 18, code: 'EINVAL'

    How can I get a file descriptor to a socket so that I can use fd.fchmod?

    -Tim

    --
    Job board: http://jobs.nodejs.org/
    New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md
    Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    ---
    You received this message because you are subscribed to the Google Groups "nodejs" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscribe@googlegroups.com.
    To post to this group, send email to nodejs@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/5469F718.9090202%40netsend.nl.
    For more options, visit https://groups.google.com/d/optout.
    --
    Job board: http://jobs.nodejs.org/
    New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md
    Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    ---
    You received this message because you are subscribed to the Google Groups "nodejs" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscribe@googlegroups.com.
    To post to this group, send email to nodejs@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/546A277D.8000704%40netsend.nl.
    For more options, visit https://groups.google.com/d/optout.
  • Sam Roberts at Nov 17, 2014 at 9:51 pm

    On Mon, Nov 17, 2014 at 5:24 AM, Tim Kuijsten wrote:
    I'd like to make a UNIX domain socket world writable after I've chrooted.
    But I have two problems.

    Using fs.open on a socket throws errno: -1, code: 'UNKNOWN'.

    I've also tried to get a handle using net.connect:

    var socket = net.connect(path);
    var fd = socket._handle.fd;
    fs.fchmod(fd, '666', ..
    ...

    You can't do the things you tried at the system level, its not a node
    limitation.

    To create a unix domain socket and sets is mode atomically, you need
    to set your umask
    (http://nodejs.org/api/process.html#process_process_umask_mask).

    To change the mode after-creation, use fs.chmod()
    (http://nodejs.org/api/fs.html#fs_fs_chmod_path_mode_callback).

    --
    Job board: http://jobs.nodejs.org/
    New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md
    Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    ---
    You received this message because you are subscribed to the Google Groups "nodejs" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscribe@googlegroups.com.
    To post to this group, send email to nodejs@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/CACmrRmQDXtGCbs-96CDYgF3kSe0OVoiXPewBs1FiuPhKosPaxw%40mail.gmail.com.
    For more options, visit https://groups.google.com/d/optout.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupnodejs @
categoriesnodejs
postedNov 17, '14 at 2:25p
activeNov 17, '14 at 9:51p
posts6
users4
websitenodejs.org
irc#node.js

People

Translate

site design / logo © 2022 Grokbase