raw | patch | inline | side by side (parent: 3038ccc)
author | oetiker <oetiker@a5681a0c-68f1-0310-ab6d-d61299d08faa> | |
Mon, 22 Mar 2010 14:49:26 +0000 (14:49 +0000) | ||
committer | oetiker <oetiker@a5681a0c-68f1-0310-ab6d-d61299d08faa> | |
Mon, 22 Mar 2010 14:49:26 +0000 (14:49 +0000) |
the file permissions of a UNIX socket. The option affects the following
sockets only, i.e., it's possible to specify different modes for different
sockets. -- Sebastian Harl
git-svn-id: svn://svn.oetiker.ch/rrdtool/trunk@2035 a5681a0c-68f1-0310-ab6d-d61299d08faa
sockets only, i.e., it's possible to specify different modes for different
sockets. -- Sebastian Harl
git-svn-id: svn://svn.oetiker.ch/rrdtool/trunk@2035 a5681a0c-68f1-0310-ab6d-d61299d08faa
program/doc/rrdcached.pod | patch | blob | history | |
program/src/rrd_daemon.c | patch | blob | history |
index e2f7ed8f6af8d4203691da292db82e287cfa4b0e..d6bfec39c41bbd2afb071c65d268b841a5b219fa 100644 (file)
=item B<-s> I<group_name>|I<gid>
-Set the group permissions of the UNIX domain socket. The option accepts either
+Set the group permissions of a UNIX domain socket. The option accepts either
a numeric group id or group name. That group will then have both read and write
permissions (the socket will have file permissions 0750) for the socket and,
therefore, is able to send commands to the daemon. This
The default is not to change ownership or permissions of the socket and, thus,
use the system default.
+=item B<-m> I<mode>
+
+Set the file permissions of a UNIX domain socket. The option accepts an octal
+number representing the bit pattern for the mode (see L<chmod(1)> for
+details).
+
+Please note that not all systems honor this setting. On Linux, read/write
+permissions are required to connect to a UNIX socket. However, many
+BSD-derived systems ignore permissions for UNIX sockets. See L<unix(7)> for
+details.
+
+This option affects the I<following> UNIX socket addresses (the following
+B<-l> options), i.e., you may specify different settings for different
+sockets.
+
+The default is not to change ownership or permissions of the socket and, thus,
+use the system default.
+
=item B<-P> I<command>[,I<command>[,...]]
Specifies the commands accepted via a network socket. This allows
index 372adee9deea8e24f41160b794fbb34370fcd6b3..b290bcc0861619f3eed716208882689fefdd3862 100644 (file)
--- a/program/src/rrd_daemon.c
+++ b/program/src/rrd_daemon.c
uint32_t permissions;
- gid_t socket_group;
+ gid_t socket_group;
+ mode_t socket_permissions;
};
typedef struct listen_socket_s listen_socket_t;
}
}
+ if (sock->socket_permissions != (mode_t)-1)
+ {
+ if (chmod(path, sock->socket_permissions) != 0)
+ fprintf(stderr, "rrdcached: failed to set socket file permissions (%o): %s\n",
+ (unsigned int)sock->socket_permissions, strerror(errno));
+ }
+
status = listen (fd, /* backlog = */ 10);
if (status != 0)
{
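Review bot: A failed `chmod()` in the added block is only printed to stderr and execution continues to `listen()`, so a socket the operator asked to restrict with `-m` would still accept connections with whatever mode `bind()` and the umask produced. Because the option is an access-control setting, the failure branch should abort opening this socket rather than continue, releasing the descriptor and socket file the way the `listen()` failure branch just below presumably does (its body is outside the hunk, so the exact cleanup to mirror is not visible). The mode is also applied by path after the socket file already exists, so a comment such as `/* path must live in a directory only the daemon user can write to */` would record the assumption that makes this safe.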
char **permissions = NULL;
size_t permissions_len = 0;
- gid_t socket_group = (gid_t)-1;
+ gid_t socket_group = (gid_t)-1;
+ mode_t socket_permissions = (mode_t)-1;
- while ((option = getopt(argc, argv, "gl:s:P:f:w:z:t:Bb:p:Fj:h?")) != -1)
+ while ((option = getopt(argc, argv, "gl:s:m:P:f:w:z:t:Bb:p:Fj:h?")) != -1)
{
switch (option)
{
/* }}} Done adding permissions. */
new->socket_group = socket_group;
+ new->socket_permissions = socket_permissions;
if (!rrd_add_ptr((void ***)&config_listen_address_list,
&config_listen_address_list_len, new))
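Review bot: The mode is copied from the local `socket_permissions` at the moment each `-l` is parsed, so a `-m` given after the last `-l` is accepted and then never applied to any socket. For an option that decides who can reach the daemon, that silent no-op is easy to mistake for a restricted socket. Consider remembering that a `-m` value is still unconsumed when option parsing ends and printing a warning. A comment at the assignment, `/* -m only affects the -l options that follow it */`, would make the ordering rule visible in the code. The enclosing `case` begins outside this hunk, and whether a default socket created without any `-l` receives the value is not visible here.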
}
break;
+ /* set socket file permissions */
+ case 'm':
+ {
+ long tmp;
+ char *endptr = NULL;
+
+ tmp = strtol (optarg, &endptr, 8);
+ if ((endptr == optarg) || (! endptr) || (*endptr != '\0')
+ || (tmp > 07777) || (tmp < 0)) {
+ fprintf (stderr, "read_options: Invalid file mode \"%s\".\n",
+ optarg);
+ return (5);
+ }
+
+ socket_permissions = (mode_t)tmp;
+ }
+ break;
+
case 'P':
{
char *optcopy;
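Review bot: The range check in `case 'm'` accepts any value up to `07777`, so the setuid, setgid and sticky bits pass validation even though they serve no purpose on a socket file. Narrowing the bound to `(tmp > 0777)` would reject them. Modes that grant access to "other", such as `0666`, are also accepted silently even though they let every local user send commands to the daemon; a warning when `(tmp & 0007)` is non-zero would make that an explicit choice. Two smaller points: `(! endptr)` can never be true after `strtol` has been passed `&endptr`, and `strtol` skips leading whitespace and accepts a sign, so inputs like `" 750"` or `"+750"` are taken as valid.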