diff options
| author | Garrett D'Amore <garrett@damore.org> | 2018-04-27 14:14:08 -0700 |
|---|---|---|
| committer | Garrett D'Amore <garrett@damore.org> | 2018-04-30 11:33:10 -0700 |
| commit | 2b0d31553e542c130e2595ff9a3ac9756a2c1619 (patch) | |
| tree | f9ef54cfe7c4336e4765091445aa4d86a53645b5 /docs | |
| parent | 88c7a328dfaca4a9fce13ebbc4bce6b24d048c3e (diff) | |
| download | nng-2b0d31553e542c130e2595ff9a3ac9756a2c1619.tar.gz nng-2b0d31553e542c130e2595ff9a3ac9756a2c1619.tar.bz2 nng-2b0d31553e542c130e2595ff9a3ac9756a2c1619.zip | |
fixes #6 Security attributes support
fixes #382 Permissions support for IPC on POSIX
This adds support for permission management on Windows and
POSIX systems. There are two different properties, and they
are very different.
Tests and documentation are included.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/man/nng_ipc.7.adoc | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/docs/man/nng_ipc.7.adoc b/docs/man/nng_ipc.7.adoc index ee89b29a..199aa757 100644 --- a/docs/man/nng_ipc.7.adoc +++ b/docs/man/nng_ipc.7.adoc @@ -45,7 +45,7 @@ This transport uses URIs using the scheme `ipc://`, followed by a an absolute path name in the file system where the socket or named pipe should be created. -TIP: On Windows, all names are prefixed by `\.\pipe\` and do not +TIP: On Windows, all names are prefixed by `\\.\pipe\` and do not occupy the normal file system. On POSIX platforms, the path is taken literally, and is relative to the root directory. @@ -63,9 +63,29 @@ the actual structure is of type <<nng_sockaddr_ipc.5#,`nng_sockaddr_ipc`>>. === Transport Options -The _ipc_ transport has no special options. +((`NNG_OPT_IPC_PERMISSIONS`)):: -NOTE: Options for security attributes and credentials are planned. +This write-only option may be used to configure the permissions that +are used on the UNIX domain socket created by a listener. +This property is only supported on POSIX systems. +The value is of type `int`, representing the normal permission bits +on a file, such as `0600` (typically meaning read-write to the owner, and +no permissions for anyone else.) +The default is system-specific, most often `0644`. + +NOTE: Normally both read and write permission will be necessary for a +peer dialer to connect. +See your system documentation for UNIX domain sockets for more information. + +NOTE: The _umask_ of the process is *not* applied to these bits. + +((`NNG_OPT_IPC_SECURITY_DESCRIPTOR`)):: + +This write-only option may be used on Windows platforms to configure +the `SECURITY_DESCRIPTOR` that is used when creating the underying +named pipe. +The value is a pointer, `PSECURITY_DESCRIPTOR`, and may only be +applied to listeners that have not been started yet. == SEE ALSO |