Issue #1249 new

wsgiserver UNIX socket permission

Javier Gisbert
created an issue

When creating a UNIX socket, the permissions are not correctly set because the file is deleted with os.unlink.

The os.chmod call should be made after the socket is binded.

This is the relevant code, in HTTPServer.start both in wsgiserver2 and wsgiserver3:

if isinstance(self.bind_addr, basestring):
            # AF_UNIX socket

            # So we can reuse the socket...
            try: os.unlink(self.bind_addr)
            except: pass

            # So everyone can access the socket...
            try: os.chmod(self.bind_addr, 511) # 0777
            except: pass

            info = [(socket.AF_UNIX, socket.SOCK_STREAM, 0, "", self.bind_addr)]

Comments (1)

  1. Pete Bohman

    In the relevant code, os.chmod would always fail because the file is never present at the time of the call (see previous call to unlink). In linux, the permissions of the created domain socket are inherited from the sockets parent directory. So, you can control the permissions of the socket by placing it in an appropriate directory.

  2. Log in to comment