These are Unix domain streams, not TCP/IP sockets. They are
essentially more powerful named pipes and are manipulated as Berkeley
sockets. The connections are made by a named nexus on the file
system. The closest comparison is they are the BSD version of SYSV
streams. There are no web servers that I am aware of that operate on
Unix domain sockets. On a single machine, as Unix domain sockets only
operate, credentials are absolute. They are also used for passing
file descriptors and other privileged operations.
Dan
On Sep 28, 2005, at 12:44, Rich Morin wrote:
> "man 4 unix" says:
>
> The effective credentials (i.e., the user ID and group list) of a
> peer on a SOCK_STREAM socket may be obtained using the LOCAL_PEERCRED
> socket option. This may be used by a server to obtain and verify the
> credentials of its client, and vice versa by the client to verify the
> credentials of the server. These will arrive in the form of a filled
> in struct xucred (defined in sys/ucred.h). The credentials presented
> to the server (the listen(2) caller) are those of the client when it
> called connect(2); the credentials presented to the client (the
> connect(2) caller) are those of the server when it called listen(2).
> This mechanism is reliable; there is no way for either party to
> influence the credentials presented to its peer except by calling the
> appropriate system call (e.g., connect(2) or listen(2)) under
> different effective credentials.
>
> So, it looks like I can augment the WEBrick socket code slightly and
> get the effect I want. Can anyone point me to the right file(s) or
> offer other useful hints?
>
> -r
> --
> email: rdm@cfcl.com; phone: +1 650-873-7841
> http://www.cfcl.com - Canta Forda Computer Laboratory
> http://www.cfcl.com/Meta - The FreeBSD Browser, Meta Project, etc.
>
>
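
The peer-credential check quoted from unix(4) above, as an added example that is not part of the original thread and is not WEBrick code. It assumes a Ruby whose BasicSocket#getpeereid is available on the platform (used here instead of reading LOCAL_PEERCRED directly); the function names, the socket file name and the allow-list are hypothetical, and the client and server are constructed in one process so it runs offline.

```ruby
require "socket"
require "tmpdir"

# Return [euid, egid] of the process at the other end of a Unix domain socket.
# BasicSocket#getpeereid wraps the platform mechanism (getpeereid(3) /
# LOCAL_PEERCRED on the BSDs, SO_PEERCRED on Linux). The values are the
# peer's effective credentials as of its connect(2) call.
def peer_credentials(sock)
  sock.getpeereid
end

# Accept one connection and answer only if the peer's effective UID is in
# the allow-list. Returns the decision so the caller can log or test it.
def serve_once(server, allowed_uids)
  client = server.accept
  euid, egid = peer_credentials(client)
  allowed = allowed_uids.include?(euid)
  client.write(allowed ? "OK uid=#{euid}\n" : "DENIED\n")
  { euid: euid, egid: egid, allowed: allowed }
ensure
  client&.close
end

# Constructed demo: server and client in one process. The socket lives in a
# directory made by Dir.mktmpdir (mode 0700), so other local users cannot
# reach the rendezvous path at all; the credential check is the second layer.
def demo(allowed_uids)
  Dir.mktmpdir("peercred") do |dir|
    path = File.join(dir, "demo.sock") # hypothetical socket name
    UNIXServer.open(path) do |server|
      worker = Thread.new { serve_once(server, allowed_uids) }
      reply = UNIXSocket.open(path) { |c| c.gets }
      [worker.value, reply]
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  decision, reply = demo([Process.euid])
  puts "peer euid=#{decision[:euid]} allowed=#{decision[:allowed]} reply=#{reply}"
end
```

The decision is made from what the kernel reports for the connection, not from anything the client sends, which is the property the man page calls reliable.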