Unix domain socket

From Wikipedia, the free encyclopedia
Jump to: navigation, search

A Unix domain socket or IPC socket (inter-process communication socket) is a data communications endpoint for exchanging data between processes executing within the same host operating system. While similar in functionality to named pipes, Unix domain sockets may be created as connection‑mode (SOCK_STREAM or SOCK_SEQPACKET) or as connectionless (SOCK_DGRAM), while pipes are streams only[clarify]. Processes using Unix domain sockets do not need to share a common ancestry. The API for Unix domain sockets is similar to that of an Internet socket, but it does not use an underlying network protocol for communication. The Unix domain socket facility is a standard component of POSIX operating systems.

Unix domain sockets use the file system as their address name space. They are referenced by processes as inodes in the file system. This allows two processes to open the same socket in order to communicate. However, communication occurs entirely within the operating system kernel.

In addition to sending data, processes may send file descriptors[clarify] across a Unix domain socket connection using the sendmsg() and recvmsg() system calls. This allows the sending processes to grant the receiving process access to a file descriptor for which the receiving process otherwise does not have access.[1] This can be used to implement a rudimentary form of capability-based security.[2] For example, this allows the Clam AntiVirus scanner to run as an unprivileged daemon on Linux and BSD, yet still read and scan any file sent to the daemon's Unix domain socket.

See also[edit]


  1. ^ "Archive of the "Postfix Discussions" mailing list". 30 September 2000. Retrieved 29 September 2014. 
  2. ^ ""Secure Programming for Linux and Unix HOWTO", Section 3.4 "Sockets and Network Connections"". dwheeler.com. David A. Wheeler. 22 August 2004. Retrieved 29 September 2014. 

External links[edit]