Socket applications that use a Unix address family

Changes made to the *PUBLIC authority for sockets that use the AF_UNIX or AF_UNIX_CCSID address family for this release might affect applications that use Unix sockets.

A change was made in this release to set the default *PUBLIC data authority of Unix sockets to *NONE.

Applications that use Unix sockets might experience authority failures unless they are changed to ensure the user profiles running the applications are granted sufficient authority to use the sockets. If the user profiles running the applications do not have sufficient authority to use the sockets, they will get a permission denied error. If all of the user profiles running the applications have *ALLOBJ special authority, no changes will be necessary.

The user profile that created the socket object will own the socket object when it is created. That user profile, or a user profile with *ALLOBJ special authority, can use various interfaces to change authorities so that other user profiles can perform operations on the socket. The chmod() API, QlgChmod() API, QlgChangeAuthority() API, Change Authority (CHGAUT) CL command, or chmod Qshell utility can be used to change the data authorities for *PUBLIC so that any user can access the socket. If only specific user profiles should be authorized to the socket, the QlgChangeAuthority() API or Change Authority (CHGAUT) CL command can be used. Access to Unix socket objects can also be restricted by setting permissions on the directories in the socket object path prefix.

The authorities required to perform various socket operations are as follows:

  Connection-Oriented Unix Socket Connectionless Unix Socket
bind() *RW *RW
connect() *RW *RW
sendto() *NONE *RW