SO_PEERCRED is simple way to get pid/uid/gid of connected AF_UNIX stream socket, SCM_CREDENTIALS is more or less the same, but more complex (various ancillary messages). Links to example showing both ways.
- Why there are two ways to get more or less the same information?
- Why the more comfortable SO_PEERCRED is not listed in unix(7) manpage?
- Which is use more in real-life applicatins?
What should I use?
If I understand correctly, there is a subtle difference between the two.
SO_PEERCREDretrieves the credentials of the peer process, without requiring any interaction from the peer process. In contrast,SCM_CREDENTIALSis a mechanism to send / receive credentials of the peer process, which are then checked by the kernel. This subtle difference may matter when a process is running as UID 0.SCM_CREDENTIALSallows a process running as UID 0, to declare itself less privileged (e.g., UID 50), whereas this would not be possible withSO_PEERCRED.See above. I guess using
SCM_CREDENTIALSis encouraged andSO_PEERCREDis only supported for compatibility.The dbus daemon seems to use
SO_PEERCREDandgetpeereid(). I think it is best to copy their code in order to portably get the credentials.http://cgit.freedesktop.org/dbus/dbus/tree/dbus/dbus-sysdeps-unix.c?id=edaa6fe253782dda959d78396b43e9fd71ea77e3