UNIX(7)                             Linux Programmer's Manual                             UNIX(7)



NAME
       unix, PF_UNIX, AF_UNIX, PF_LOCAL, AF_LOCAL - Sockets for local interprocess communication

SYNOPSIS
       #include 
       #include 

       unix_socket = socket(PF_UNIX, type, 0);
       error = socketpair(PF_UNIX, type, 0, int *sv);


DESCRIPTION
       The  PF_UNIX  (also  known  as PF_LOCAL) socket family is used to communicate between pro-
       cesses on the same machine efficiently. Unix sockets can be either anonymous  (created  by
       socketpair(2))  or associated with a file of type socket.  Linux also supports an abstract
       namespace which is independent of the file system.

       Valid types are SOCK_STREAM for a stream oriented socket and  SOCK_DGRAM  for  a  datagram
       oriented  socket  that  preserves message boundaries. Unix sockets are always reliable and
       don't reorder datagrams.

       Unix sockets support passing file descriptors or process credentials  to  other  processes
       using ancillary data.


ADDRESS FORMAT
       A  unix  address  is  defined as a filename in the filesystem or as a unique string in the
       abstract namespace. Sockets created by  socketpair(2)  are  anonymous.  For  non-anonymous
       sockets  the  target  address  can  be set using connect(2).  The local address can be set
       using bind(2).  When a socket is connected and it doesn't already have a local  address  a
       unique address in the abstract namespace will be generated automatically.

              #define UNIX_PATH_MAX    108

              struct sockaddr_un {
                  sa_family_t  sun_family;              /* AF_UNIX */
                  char         sun_path[UNIX_PATH_MAX]; /* pathname */
              };

       sun_family always contains AF_UNIX.  sun_path contains the zero-terminated pathname of the
       socket in the file system.  If sun_path starts with a zero byte it refers to the  abstract
       namespace  maintained by the Unix protocol module.  The socket's address in this namespace
       is given by the rest of the bytes in sun_path.  Note that names in the abstract  namespace
       are not zero-terminated.


SOCKET OPTIONS
       For  historical  reasons  these  socket  options are specified with a SOL_SOCKET type even
       though they are PF_UNIX specific.  They can be set with setsockopt(2) and read  with  get-
       sockopt(2) by specifying SOL_SOCKET as the socket family.

       SO_PASSCRED
              Enables  the receiving of the credentials of the sending process ancillary message.
              When this option is set and the socket is not yet connected a unique  name  in  the
              abstract  namespace  will  be  generated automatically.  Expects an integer boolean
              flag.


ANCILLARY MESSAGES
       Ancillary data is sent and received using sendmsg(2) and recvmsg(2).  For historical  rea-
       sons  the  ancillary  message types listed below are specified with a SOL_SOCKET type even
       though they are PF_UNIX specific.  To send them set the cmsg_level  field  of  the  struct
       cmsghdr  to  SOL_SOCKET  and  the  cmsg_type  field  to the type. For more information see
       cmsg(3).


       SCM_RIGHTS
              Send or receive a set of open file descriptors from another process.  The data por-
              tion  contains  an integer array of the file descriptors.  The passed file descrip-
              tors behave as though they have been created with dup(2).


       SCM_CREDENTIALS
              Send or receive unix credentials.  This can be used for authentication.   The  cre-
              dentials are passed as a struct ucred ancillary message.

              struct ucred {
                  pid_t  pid;  /* process id of the sending process */
                  uid_t  uid;  /* user id of the sending process */
                  gid_t  gid;  /* group id of the sending process */
              };

       The  credentials  which  the  sender  specifies are checked by the kernel.  A process with
       effective user ID 0 is allowed to specify values that do not match his  own.   The  sender
       must specify its own process ID (unless it has the capability CAP_SYS_ADMIN), its user ID,
       effective user ID or set user ID (unless it has CAP_SETUID), and its group  id,  effective
       group  ID  or  set group ID (unless it has CAP_SETGID).  To receive a struct ucred message
       the SO_PASSCRED option must be enabled on the socket.


VERSIONS
       SCM_CREDENTIALS and the abstract namespace were introduced with Linux 2.2 and  should  not
       be  used in portable programs.  (Some BSD-derived systems also support credential passing,
       but the implementation details differ.)


NOTES
       In the Linux implementation, sockets which are visible in the filesystem honour  the  per-
       missions  of  the  directory  they are in. Their owner, group and their permissions can be
       changed.  Creation of a new socket will fail if the process does not have write and search
       (execute)  permission on the directory the socket is created in.  Connecting to the socket
       object requires read/write permission.  This behavior differs from many  BSD-derived  sys-
       tems  which ignore permissions for Unix sockets. Portable programs should not rely on this
       feature for security.

       Binding to a socket with a filename creates a socket in  the  file  system  that  must  be
       deleted  by  the  caller  when  it  is no longer needed (using unlink(2)).  The usual Unix
       close-behind semantics apply; the socket can be unlinked at any time and will  be  finally
       removed from the file system when the last reference to it is closed.

       To pass file descriptors or credentials over a SOCK_STREAM, you need to send/recv at least
       one byte of non-ancillary data in the same send/recv_msg call.

       Unix domain stream sockets do not support the notion of out-of-band data.

ERRORS
       ENOMEM Out of memory.

       ECONNREFUSED
              connect(2) called with a socket object that isn't listening. This can  happen  when
              the remote socket does not exist or the filename is not a socket.

       EINVAL Invalid  argument  passed.  A common cause is the missing setting of AF_UNIX in the
              sun_type field of passed addresses or the socket being in an invalid state for  the
              applied operation.

       EOPNOTSUPP
              Stream  operation  called on non-stream oriented socket or tried to use the out-of-
              band data option.

       EPROTONOSUPPORT
              Passed protocol is not PF_UNIX.

       ESOCKTNOSUPPORT
              Unknown socket type.

       EPROTOTYPE
              Remote socket does not match the local socket type (SOCK_DGRAM vs.  SOCK_STREAM)

       EADDRINUSE
              Selected local address is already taken or filesystem socket object already exists.

       EISCONN
              connect(2)  called on an already connected socket or a target address was specified
              on a connected socket.

       ENOTCONN
              Socket operation needs a target address, but the socket is not connected.

       ECONNRESET
              Remote socket was unexpectedly closed.

       EPIPE  Remote socket was closed on a stream socket. If enabled, a SIGPIPE is sent as well.
              This can be avoided by passing the MSG_NOSIGNAL flag to sendmsg(2) or recvmsg(2).

       EFAULT User memory address was not valid.

       EPERM  The sender passed invalid credentials in the struct ucred.

       Other  errors can be generated by the generic socket layer or by the filesystem while gen-
       erating a filesystem socket object. See the appropriate manual pages for more information.

SEE ALSO
       recvmsg(2), sendmsg(2), socket(2), socketpair(2), cmsg(3), capabilities(7), socket(7)



Linux Man Page                              2002-12-02                                    UNIX(7)