UNIX domain sockets not accessible across users?

Problem description

I'm running a client/server application on Red Hat Enterprise using ZMQ for message passing. The IPC socket used to associate a client with the server is implemented using a Unix domain socket.

If user A starts the server process, it seems like only clients started by user A can connect to and communicate over that socket. Our project requires that the clients be able to be run by different users, so this is a major sticking point.

The socket is located at /tmp/ipc_assoc with default 755 permissions. chmod 777 does not fix the problem. chown userB allows user B to access the socket, but user A then loses access. Not even root can access the socket. There is no ACL or SELinux in use on the machine.

Is this typical behavior for Unix domain sockets? Has anyone figured out how to work around it?

Recommended answer

With some assistance from the ZMQ mailing list, I have made a workaround. It's ugly, but seems to work consistently.

I had to make a subdirectory under /tmp and chmod 777 it. The server now creates the socket in that new folder. It also programmatically chmod 777 the socket. Now, as long as the server is run as root, any user can run a client and talk to the server.

I don't know why UNIX domain sockets behave this way, but it sure is annoying.
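
Added example, not part of the original answer: on Linux, connecting to a pathname socket needs write permission on the socket file and search permission on every directory leading to it (unix(7)), so this sketch creates the socket in a dedicated directory with explicit modes and reports which path component blocks a given user. It goes beyond the answer by using group-scoped modes (0750/0660) instead of 777; the function names, the `ipc/assoc` path and the uid standing in for user B are assumptions, and ACLs and SELinux are ignored.

```python
import os
import socket
import stat
import tempfile

def allows(st, uid, gids, bit):
    """Owner/group/other check for one bit (2 = write, 1 = search).
    Ignores ACLs and LSMs; uid 0 is treated as unrestricted."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & (bit << 6))
    if st.st_gid in gids:
        return bool(st.st_mode & (bit << 3))
    return bool(st.st_mode & bit)

def first_blocker(sock_path, uid, gids, base="/"):
    """First component below `base` that stops uid from connect()ing, else None."""
    sock_path = os.path.abspath(sock_path)
    rel = os.path.relpath(os.path.dirname(sock_path), base)
    current = base
    for part in ([] if rel == "." else rel.split(os.sep)):
        current = os.path.join(current, part)
        if not allows(os.stat(current), uid, gids, 1):  # need search on each directory
            return current
    if not allows(os.stat(sock_path), uid, gids, 2):    # need write on the socket itself
        return sock_path
    return None

def serve_shared(directory, name, dir_mode, sock_mode):
    """Bind a listening AF_UNIX socket in its own directory with explicit modes."""
    os.makedirs(directory, exist_ok=True)
    os.chmod(directory, dir_mode)
    path = os.path.join(directory, name)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)              # file is created with mode 0777 & ~umask
    os.chmod(path, sock_mode)   # so set the intended mode explicitly
    srv.listen(1)
    return srv, path

if __name__ == "__main__":
    base = tempfile.mkdtemp()   # constructed scratch location for the demo
    srv, path = serve_shared(os.path.join(base, "ipc"), "assoc", 0o750, 0o660)
    group = {os.stat(path).st_gid}
    other = os.getuid() + 1     # constructed uid standing in for "user B"
    print("group member blocked by:", first_blocker(path, other, group, base))
    print("non-member blocked by:  ", first_blocker(path, other, set(), base))
    print("socket mode:", oct(stat.S_IMODE(os.stat(path).st_mode)))
    srv.close()
```

With these modes only the owner and members of the socket's group can connect; a blocker of `None` means nothing in the checked path stops that user.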
