Re: mq_open - permission denied

From Rainer Weikusat <rweikusat@mssgmbh.com>
Newsgroups comp.unix.programmer
Subject Re: mq_open - permission denied
Date 2011-05-22 21:42 +0100
Message-ID <87d3jaa2mk.fsf@sapphire.mobileactivedefense.com>
References <eaaa82e5-3018-4b6b-876e-68ebd13270a2@f11g2000vbx.googlegroups.com>


gogol <eromascanu@gmail.com> writes:
> I try to get a comm channel between the request handler of Apache2 and
> another process referred to as app process. The request handler
> process and the app process are owned by different users (request
> handler process has uid of 1, the app process has uid of 1000). The
> app process creates successfully a message queue with the following
> code:
>
> /* set the message queue attributes */
> struct mq_attr attr;
> attr.mq_maxmsg  = max_msgs;
> attr.mq_msgsize = max_msgsize;
> attr.mq_flags   = O_NONBLOCK;
>
> errno = 0;
> mqd_t msgQ = mq_open(
> 	mqname,	/* message queue name */
> 	O_RDWR | O_NONBLOCK | O_CREAT | O_EXCL, /* oflag */
> 	S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH |
> S_IWOTH | S_IXOTH, /* mode */
> 	&attr); /* attributes */

Making a message queue executable makes precious little sense. Also,
do yourself a favor and ignore this set of unpronounceable acronyms in
favor of using octal numbers, like everyone else does. The values are
actually standardized as

	0400	owner read
	0200	owner write
	0100	owner execute

with 'group' and 'other' permission encoded just like that, but using
00x0 for group permissions and 000x for other permissions. This reduces
the ASCII character flatworm to a simple 0777 (0666 in order to omit
the execute permission).

> The request handler attempts to open that (existing) message queue
> with:
>
> mqd_t msgQ = mq_open(
> 	mqname,	              /* message queue name */
> 	O_RDWR | O_NONBLOCK); /* mode */
>
> The attempt to open the existing message queue fails with errno=13 -
> permission denied.

Only the first two arguments to mq_open have standardized
semantics. At least on Linux, the third argument is interpreted like
all other access permission arguments, meaning, a set of effective
permission bits is calculated by masking the bits which are currently
set in the umask of the executing process. Assuming that x is your
input value, the value which gets applied is actually

	x & ~umask

and umask will usually be 022 or 002, causing the group write and other
write bits to be disabled.
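
The masking described in the reply above can be observed directly. This is an added example, not code from the thread: the queue name is made up, reading the mode back with fstat() relies on Linux implementing mqd_t as a file descriptor, and the 0660 case assumes both processes share a group.

```c
/* Added example: effect of the process umask on the mode given to mq_open().
 * Linux-specific: relies on mqd_t being a file descriptor so fstat() works. */
#include <fcntl.h>
#include <mqueue.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits that actually get applied: requested & ~umask. */
static mode_t effective_mode(mode_t requested, mode_t mask)
{
    return requested & ~mask & 0777;
}

/* Create a queue under the given umask and return its permission bits,
 * or -1 if the queue could not be created (e.g. no POSIX mq support). */
static int created_queue_mode(const char *name, mode_t requested, mode_t mask)
{
    struct mq_attr attr = { .mq_maxmsg = 4, .mq_msgsize = 64 };
    struct stat st;
    int mode = -1;

    mq_unlink(name);                  /* drop leftovers from earlier runs */
    mode_t saved = umask(mask);
    mqd_t q = mq_open(name, O_RDWR | O_CREAT | O_EXCL, requested, &attr);
    umask(saved);                     /* restore the caller's umask at once */
    if (q == (mqd_t)-1)
        return -1;
    if (fstat((int)q, &st) == 0)
        mode = (int)(st.st_mode & 0777);
    mq_close(q);
    mq_unlink(name);
    return mode;
}

int main(void)
{
    const char *name = "/umask_demo_queue";   /* hypothetical queue name */
    int m = created_queue_mode(name, 0666, 022);
    if (m < 0) { perror("mq_open"); return 1; }
    printf("predicted 0666 under umask 022: %04o\n",
           (unsigned)effective_mode(0666, 022));
    printf("created   0666 under umask 022: %04o\n", (unsigned)m);
    /* Narrower alternative: shared group, no access for others. */
    printf("created   0660 under umask 007: %04o\n",
           (unsigned)created_queue_mode(name, 0660, 007));
    return 0;
}
```

On glibc versions before 2.34 this needs to be linked with -lrt.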
