1 .\" Copyright (c) 1991, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. Neither the name of the University nor the names of its contributors
13 .\" may be used to endorse or promote products derived from this software
14 .\" without specific prior written permission.
16 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 .\" @(#)unix.4 8.1 (Berkeley) 6/9/93
36 .Nd UNIX-domain protocol family
43 protocol family is a collection of protocols
44 that provides local (on-machine) interprocess
45 communication through the normal
56 file system pathnames for addressing.
59 addresses are variable-length file system pathnames of
60 at most 104 characters.
64 .Bd -literal -offset indent
76 causes a socket file to be created in the file system.
79 removed when the socket is closed \(em
81 must be used to remove the file.
89 can be calculated by the macro
95 field must be terminated by a
97 character to be used with
107 protocol family does not support broadcast addressing or any form
110 matching on incoming messages.
111 All addresses are absolute- or relative-pathnames
115 Normal file system access-control mechanisms are also
116 applied when referencing pathnames; e.g., the destination
125 sockets support the communication of
127 file descriptors and process credentials through the use of the
135 The items to be passed are described using a
137 that is defined in the include file
140 To send file descriptors, the type of the message is
142 and the data portion of the messages is an array of integers
143 representing the file descriptors to be passed.
144 The number of descriptors being passed is defined
145 by the length field of the message;
146 the length field is the sum of the size of the header
147 plus the size of the array of file descriptors.
149 The received descriptor is a
151 of the sender's descriptor, as if it were created via
154 .Li fcntl(fd, F_DUPFD_CLOEXEC, 0)
160 Descriptors that are awaiting delivery, or that are
161 purposely not received, are automatically closed by the system
162 when the destination socket is closed.
164 Credentials of the sending process can be transmitted explicitly using a
165 control message of type
167 with a data portion of type
168 .Vt "struct cmsgcred" ,
174 pid_t cmcred_pid; /* PID of sending process */
175 uid_t cmcred_uid; /* real UID of sending process */
176 uid_t cmcred_euid; /* effective UID of sending process */
177 gid_t cmcred_gid; /* real GID of sending process */
178 short cmcred_ngroups; /* number of groups */
179 gid_t cmcred_groups[CMGROUP_MAX]; /* groups */
183 The sender should pass a zeroed buffer which will be filled in by the system.
185 The group list is truncated to at most
191 should not be looked up (such as via the
193 sysctl) for making security decisions.
194 The sending process could have exited and its process ID already been
195 reused for a new process.
198 domain sockets support a number of socket options which can be set with
202 .Bl -tag -width ".Dv LOCAL_CONNWAIT"
204 This option may be enabled on
210 This option provides a mechanism for the receiver to
211 receive the credentials of the process calling
224 structure points to a buffer that contains a
226 structure followed by a variable length
228 structure, defined in
233 uid_t sc_uid; /* real user id */
234 uid_t sc_euid; /* effective user id */
235 gid_t sc_gid; /* real group id */
236 gid_t sc_egid; /* effective group id */
237 int sc_ngroups; /* number of supplemental groups */
238 gid_t sc_groups[1]; /* variable length */
242 The current implementation truncates the group list to at most
248 macro computes the size of the
250 structure for a specified number
254 fields have the following values:
256 cmsg_len = CMSG_LEN(SOCKCREDSIZE(ngroups))
257 cmsg_level = SOL_SOCKET
258 cmsg_type = SCM_CREDS
265 sockets credentials are passed only on the first read from a socket,
266 then the system clears the option on the socket.
268 This option and the above explicit
269 .Vt "struct cmsgcred"
270 both use the same value
272 but incompatible control messages.
273 If this option is enabled and the sender attached a
275 control message with a
276 .Vt "struct cmsgcred" ,
277 it will be discarded and a
278 .Vt "struct sockcred"
281 Many setuid programs will
283 data at least partially controlled by the invoker,
284 such as error messages.
285 Therefore, a message accompanied by a particular
287 value should not be trusted as being from that user.
288 .It Dv LOCAL_CONNWAIT
291 sockets, this option causes the
293 function to block until
295 has been called on the listening socket.
296 .It Dv LOCAL_PEERCRED
301 socket returns credentials of the remote side.
302 These will arrive in the form of a filled in
304 structure, defined in
309 u_int cr_version; /* structure layout version */
310 uid_t cr_uid; /* effective user id */
311 short cr_ngroups; /* number of groups */
312 gid_t cr_groups[XU_NGROUPS]; /* groups */
317 fields should be checked against
321 The credentials presented to the server (the
323 caller) are those of the client when it called
325 the credentials presented to the client (the
327 caller) are those of the server when it called
329 This mechanism is reliable; there is no way for either party to influence
330 the credentials presented to its peer except by calling the appropriate
335 under different effective credentials.
337 To reliably obtain peer credentials on a
356 .%T "An Introductory 4.3 BSD Interprocess Communication Tutorial"
361 .%T "An Advanced 4.3 BSD Interprocess Communication Tutorial"