Hi,

I'm a bit confused about Linux unix socket file permissions created by OVS daemons.

From the source code [0] I see it calls fchmod(0770) on the file descriptor prior to socket bind(), assuming that the socket file, when created, will inherit the FD's permissions. So I expect that after the unix socket files are created, they have rwxrwx--- permissions.

However, if running, for instance, ovsdb-server as root, it seems that this fchmod() call has no effect. Instead, the default root umask (0022) seems to be used:

# ovsdb-server --remote punix:///var/run/openvswitch/ovs.sock /etc/openvswitch/ovs.db
# ls -l /var/run/openvswitch/ovs.sock
srwxr-x--- 1 root root 0 Jan 25 17:48 /var/run/openvswitch/ovs.sock

If I switch to a non-root user (default umask 0002):

$ ovsdb-server --remote punix://$(pwd)/ovs.sock --unixctl=$(pwd)/ctl.sock ./ovs.db
$ ls -l ovs.sock
srwxrwx--- 1 vlodintsov vlodintsov 0 Jan 25 17:42 ovs.sock

If running as root and passing the desired user as an argument to ovsdb-server, it still has the same behaviour as plain root:

# ovsdb-server --remote punix:///var/run/openvswitch/ovs.sock /etc/openvswitch/ovs.db --user openvswitch:openvswitch
# ls -l /var/run/openvswitch/ovs.sock
srwxr-x--- 1 openvswitch openvswitch 0 Jan 25 17:47 /var/run/openvswitch/ovs.sock

This line of code [0] is quite old (about 8 years), so what am I doing wrong?
Is it possible to make the socket writable by group without an external chmod 0770 <path_to_socket> call?

0: https://github.com/openvswitch/ovs/blob/v2.17.5/lib/socket-util-unix.c#L264

Regards,
Vladislav Odintsov
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
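As an added example, not from the mail or the OVS tree: the following C program repeats the fchmod(fd, 0770)-then-bind() sequence and reads back the mode of the socket node that bind() created. On Linux, bind() creates that node with the socket inode's mode (0770 after the fchmod) further masked by the process umask, so the program measures the result under umask 0022 and under umask 0007, the latter yielding a group-writable 0770 node without a separate chmod on the path. The socket paths under /tmp are constructed for the demo.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Bind an AF_UNIX socket at `path` (a constructed demo path) and return the
 * permission bits (st_mode & 0777) of the node bind() created, or -1 on error.
 * Mirrors the sequence in the mail: fchmod(fd, 0770) on the descriptor, then
 * bind(), with the process umask set to `umask_bits` for the duration. */
static int bind_and_measure(const char *path, mode_t umask_bits)
{
    struct sockaddr_un sa;
    struct stat st;
    int fd, mode = -1;
    mode_t saved = umask(umask_bits);

    unlink(path);                        /* a stale node would make bind() fail */
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) { umask(saved); return -1; }

    /* Cap the socket inode's mode at 0770 before bind(). On Linux, bind()
     * still applies the umask on top, so the node ends up 0770 & ~umask_bits. */
    if (fchmod(fd, 0770) < 0) perror("fchmod(socket fd)");   /* not fatal here */

    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    strncpy(sa.sun_path, path, sizeof sa.sun_path - 1);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0 && stat(path, &st) == 0)
        mode = st.st_mode & 0777;

    umask(saved);                        /* restore the caller's umask */
    close(fd);
    unlink(path);                        /* clean up the demo node */
    return mode;
}

/* Reproduce the mail's observation: under the root default umask 0022 the
 * group-write bit is masked away, whatever fchmod() requested. */
int mode_under_umask_0022(const char *path) { return bind_and_measure(path, 0022); }

/* Mitigation: while bind() runs, use a umask that keeps group access, so the
 * node comes out exactly 0770 (srwxrwx---) with no chmod on the path afterwards. */
int mode_under_umask_0007(const char *path) { return bind_and_measure(path, 0007); }

int main(void)
{
    int a = mode_under_umask_0022("/tmp/ovs_mode_demo_a.sock");
    int b = mode_under_umask_0007("/tmp/ovs_mode_demo_b.sock");
    printf("umask 0022: %04o\numask 0007: %04o\n", a, b);
    return (a < 0 || b < 0);
}
```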