I have a program that is listening to a Unix Domain Socket. When a

Question

0

Asked: May 26, 20262026-05-26T19:38:19+00:00 2026-05-26T19:38:19+00:00

I have a program that is listening to a Unix Domain Socket. When a

0

I have a program that is listening to a Unix Domain Socket.

When a client connects to the socket I’d like to find out which program connected and then decide if I allow the connection or not (based on the user/group settings).

Is this possible under Linux, and if so, how?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-26T19:38:20+00:00

Yes, this is possible on Linux, but it won’t be very portable. It’s achieved using what is called “ancillary data” with sendmsg / recvmsg.

Use SO_PASSCRED with setsockopt
Use SCM_CREDENTIALS and the struct ucred structure

This structure is defined in Linux:

struct ucred {
    pid_t pid;    /* process ID of the sending process */
    uid_t uid;    /* user ID of the sending process */
    gid_t gid;    /* group ID of the sending process */
};

Note you have to fill these in your msghdr.control, and the kernel will check if they’re correct.

The main portability hindrance is that this structure differs on other Unixes – for example on FreeBSD it’s:

struct cmsgcred {
    pid_t   cmcred_pid;          /* PID of sending process */
    uid_t   cmcred_uid;          /* real UID of sending process */
    uid_t   cmcred_euid;         /* effective UID of sending process */
    gid_t   cmcred_gid;          /* real GID of sending process */
    short   cmcred_ngroups;      /* number or groups */
    gid_t   cmcred_groups[CMGROUP_MAX];     /* groups */
};

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a program that is listening to a Unix Domain Socket. When a

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply