Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
UNIX(4)		       FreeBSD Kernel Interfaces Manual		       UNIX(4)

NAME
     unix -- UNIX-domain protocol family

SYNOPSIS
     #include <sys/types.h>
     #include <sys/un.h>

DESCRIPTION
     The UNIX-domain protocol family is	a collection of	protocols that pro-
     vides local (on-machine) interprocess communication through the normal
     socket(2) mechanisms.  The	UNIX-domain family supports the	SOCK_STREAM,
     SOCK_SEQPACKET, and SOCK_DGRAM socket types and uses file system path-
     names for addressing.

ADDRESSING
     UNIX-domain addresses are variable-length file system pathnames of	at
     most 104 characters.  The include file <sys/un.h> defines this address:

	   struct sockaddr_un {
		   u_char  sun_len;
		   u_char  sun_family;
		   char	   sun_path[104];
	   };

     Binding a name to a UNIX-domain socket with bind(2) causes	a socket file
     to	be created in the file system.	This file is not removed when the
     socket is closed -- unlink(2) must	be used	to remove the file.

     The length	of UNIX-domain address,	required by bind(2) and	connect(2),
     can be calculated by the macro SUN_LEN() defined in <sys/un.h>.  The
     sun_path field must be terminated by a NUL	character to be	used with
     SUN_LEN(),	but the	terminating NUL	is not part of the address.

     The UNIX-domain protocol family does not support broadcast	addressing or
     any form of "wildcard" matching on	incoming messages.  All	addresses are
     absolute- or relative-pathnames of	other UNIX-domain sockets.  Normal
     file system access-control	mechanisms are also applied when referencing
     pathnames;	e.g., the destination of a connect(2) or sendto(2) must	be
     writable.

CONTROL	MESSAGES
     The UNIX-domain sockets support the communication of UNIX file descrip-
     tors and process credentials through the use of the msg_control field in
     the msg argument to sendmsg(2) and	recvmsg(2).  The items to be passed
     are described using a struct cmsghdr that is defined in the include file
     <sys/socket.h>.

     To	send file descriptors, the type	of the message is SCM_RIGHTS, and the
     data portion of the messages is an	array of integers representing the
     file descriptors to be passed.  The number	of descriptors being passed is
     defined by	the length field of the	message; the length field is the sum
     of	the size of the	header plus the	size of	the array of file descriptors.

     The received descriptor is	a duplicate of the sender's descriptor,	as if
     it	were created via dup(fd) or fcntl(fd, F_DUPFD_CLOEXEC, 0) depending on
     whether MSG_CMSG_CLOEXEC is passed	in the recvmsg(2) call.	 Descriptors
     that are awaiting delivery, or that are purposely not received, are auto-
     matically closed by the system when the destination socket	is closed.

     Credentials of the	sending	process	can be transmitted explicitly using a
     control message of	type SCM_CREDS with a data portion of type struct
     cmsgcred, defined in <sys/socket.h> as follows:

     struct cmsgcred {
       pid_t cmcred_pid;	     /*	PID of sending process */
       uid_t cmcred_uid;	     /*	real UID of sending process */
       uid_t cmcred_euid;	     /*	effective UID of sending process */
       gid_t cmcred_gid;	     /*	real GID of sending process */
       short cmcred_ngroups;	     /*	number of groups */
       gid_t cmcred_groups[CMGROUP_MAX];     /*	groups */
     };

     The sender	should pass a zeroed buffer which will be filled in by the
     system.

     The group list is truncated to at most CMGROUP_MAX	GIDs.

     The process ID cmcred_pid should not be looked up (such as	via the
     KERN_PROC_PID sysctl) for making security decisions.  The sending process
     could have	exited and its process ID already been reused for a new
     process.

SOCKET OPTIONS
     UNIX domain sockets support a number of socket options for	the options
     level SOL_LOCAL, which can	be set with setsockopt(2) and tested with
     getsockopt(2):

     LOCAL_CREDS	     This option may be	enabled	on SOCK_DGRAM,
			     SOCK_SEQPACKET, or	a SOCK_STREAM socket.  This
			     option provides a mechanism for the receiver to
			     receive the credentials of	the process calling
			     write(2), send(2),	sendto(2) or sendmsg(2)	as a
			     recvmsg(2)	control	message.  The msg_control
			     field in the msghdr structure points to a buffer
			     that contains a cmsghdr structure followed	by a
			     variable length sockcred structure, defined in
			     <sys/socket.h> as follows:

			     struct sockcred {
			       uid_t sc_uid;	     /*	real user id */
			       uid_t sc_euid;	     /*	effective user id */
			       gid_t sc_gid;	     /*	real group id */
			       gid_t sc_egid;	     /*	effective group	id */
			       int   sc_ngroups;     /*	number of supplemental groups */
			       gid_t sc_groups[1];   /*	variable length	*/
			     };

			     The current implementation	truncates the group
			     list to at	most CMGROUP_MAX groups.

			     The SOCKCREDSIZE()	macro computes the size	of the
			     sockcred structure	for a specified	number of
			     groups.  The cmsghdr fields have the following
			     values:

			     cmsg_len =	CMSG_LEN(SOCKCREDSIZE(ngroups))
			     cmsg_level	= SOL_SOCKET
			     cmsg_type = SCM_CREDS

			     On	SOCK_STREAM and	SOCK_SEQPACKET sockets creden-
			     tials are passed only on the first	read from a
			     socket, then the system clears the	option on the
			     socket.

			     This option and the above explicit	struct
			     cmsgcred both use the same	value SCM_CREDS	but
			     incompatible control messages.  If	this option is
			     enabled and the sender attached a SCM_CREDS con-
			     trol message with a struct	cmsgcred, it will be
			     discarded and a struct sockcred will be included.

			     Many setuid programs will write(2)	data at	least
			     partially controlled by the invoker, such as er-
			     ror messages.  Therefore, a message accompanied
			     by	a particular sc_euid value should not be
			     trusted as	being from that	user.

     LOCAL_CREDS_PERSISTENT  This option is similar to LOCAL_CREDS, except
			     that socket credentials are passed	on every read
			     from a SOCK_STREAM	or SOCK_SEQPACKET socket, in-
			     stead of just the first read.  Additionally, the
			     msg_control field in the msghdr structure points
			     to	a buffer that contains a cmsghdr structure
			     followed by a variable length sockcred2 struc-
			     ture, defined in <sys/socket.h> as	follows:

			     struct sockcred2 {
			       int   sc_version;     /*	version	of this	structure */
			       pid_t sc_pid;	     /*	PID of sending process */
			       uid_t sc_uid;	     /*	real user id */
			       uid_t sc_euid;	     /*	effective user id */
			       gid_t sc_gid;	     /*	real group id */
			       gid_t sc_egid;	     /*	effective group	id */
			       int   sc_ngroups;     /*	number of supplemental groups */
			       gid_t sc_groups[1];   /*	variable length	*/
			     };

			     The current version is zero.

			     The cmsghdr fields	have the following values:

			     cmsg_len =	CMSG_LEN(SOCKCRED2SIZE(ngroups))
			     cmsg_level	= SOL_SOCKET
			     cmsg_type = SCM_CREDS2

			     The LOCAL_CREDS and LOCAL_CREDS_PERSISTENT	op-
			     tions are mutually	exclusive.

     LOCAL_CONNWAIT	     Used with SOCK_STREAM sockets, this option	causes
			     the connect(2) function to	block until accept(2)
			     has been called on	the listening socket.

     LOCAL_PEERCRED	     Requested via getsockopt(2) on a SOCK_STREAM
			     socket returns credentials	of the remote side.
			     These will	arrive in the form of a	filled in
			     xucred structure, defined in <sys/ucred.h>	as
			     follows:

			     struct xucred {
			       u_int cr_version;	     /*	structure layout version */
			       uid_t cr_uid;		     /*	effective user id */
			       short cr_ngroups;	     /*	number of groups */
			       gid_t cr_groups[XU_NGROUPS];  /*	groups */
			       pid_t cr_pid;		     /*	process	id of the sending process */
			     };
			     The cr_version fields should be checked against
			     XUCRED_VERSION define.

			     The credentials presented to the server (the
			     listen(2) caller) are those of the	client when it
			     called connect(2);	the credentials	presented to
			     the client	(the connect(2)	caller)	are those of
			     the server	when it	called listen(2).  This	mecha-
			     nism is reliable; there is	no way for either
			     party to influence	the credentials	presented to
			     its peer except by	calling	the appropriate	system
			     call (e.g., connect(2) or listen(2)) under	dif-
			     ferent effective credentials.

			     To	reliably obtain	peer credentials on a
			     SOCK_DGRAM	socket refer to	the LOCAL_CREDS	socket
			     option.

SEE ALSO
     connect(2), dup(2), fcntl(2), getsockopt(2), listen(2), recvmsg(2),
     sendto(2),	setsockopt(2), socket(2), CMSG_DATA(3),	intro(4)

     "An Introductory 4.3 BSD Interprocess Communication Tutorial", PS1, 7.

     "An Advanced 4.3 BSD Interprocess Communication Tutorial",	PS1, 8.

FreeBSD	13.0		       November	9, 2020			  FreeBSD 13.0

NAME | SYNOPSIS | DESCRIPTION | ADDRESSING | CONTROL MESSAGES | SOCKET OPTIONS | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=unix&sektion=4&manpath=FreeBSD+13.0-RELEASE+and+Ports>

home | help