unix(4) UNIX-domain protocol family


In sys/types.h In sys/un.h


The UNIX protocol family is a collection of protocols that provides local (on-machine) interprocess communication through the normal socket(2) mechanisms. The UNIX family supports the SOCK_STREAM SOCK_SEQPACKET and SOCK_DGRAM socket types and uses file system pathnames for addressing.


UNIX addresses are variable-length file system pathnames of at most 104 characters. The include file In sys/un.h defines this address:
struct sockaddr_un {
        u_char  sun_len;
        u_char  sun_family;
        char    sun_path[104];

Binding a name to a UNIX socket with bind(2) causes a socket file to be created in the file system. This file is not removed when the socket is closed --- unlink(2) must be used to remove the file.

The length of UNIX address, required by bind(2) and connect(2), can be calculated by the macro Fn SUN_LEN defined in In sys/un.h . The sun_path field must be terminated by a NUL character to be used with Fn SUN_LEN , but the terminating NUL is not part of the address.

The UNIX protocol family does not support broadcast addressing or any form of ``wildcard'' matching on incoming messages. All addresses are absolute- or relative-pathnames of other UNIX sockets. Normal file system access-control mechanisms are also applied when referencing pathnames; e.g., the destination of a connect(2) or sendto(2) must be writable.


The UNIX sockets support the communication of UNIX file descriptors through the use of the msg_control field in the Fa msg argument to sendmsg(2) and recvmsg(2).

Any valid descriptor may be sent in a message. The file descriptor(s) to be passed are described using a Vt struct cmsghdr that is defined in the include file In sys/socket.h . The type of the message is SCM_RIGHTS and the data portion of the messages is an array of integers representing the file descriptors to be passed. The number of descriptors being passed is defined by the length field of the message; the length field is the sum of the size of the header plus the size of the array of file descriptors.

The received descriptor is a duplicate of the sender's descriptor, as if it were created via dup(fd) or fcntl(fd, F_DUPFD_CLOEXEC, 0) depending on whether MSG_CMSG_CLOEXEC is passed in the recvmsg(2) call. Descriptors that are awaiting delivery, or that are purposely not received, are automatically closed by the system when the destination socket is closed.


UNIX domain sockets support a number of socket options which can be set with setsockopt(2) and tested with getsockopt(2):

This option may be enabled on SOCK_DGRAM SOCK_SEQPACKET or a SOCK_STREAM socket. This option provides a mechanism for the receiver to receive the credentials of the process as a recvmsg(2) control message. The msg_control field in the Vt msghdr structure points to a buffer that contains a Vt cmsghdr structure followed by a variable length Vt sockcred structure, defined in In sys/socket.h as follows:
struct sockcred {
  uid_t sc_uid;         /* real user id */
  uid_t sc_euid;        /* effective user id */
  gid_t sc_gid;         /* real group id */
  gid_t sc_egid;        /* effective group id */
  int   sc_ngroups;     /* number of supplemental groups */
  gid_t sc_groups[1];   /* variable length */

The Fn SOCKCREDSIZE macro computes the size of the Vt sockcred structure for a specified number of groups. The Vt cmsghdr fields have the following values:

cmsg_len = CMSG_LEN(SOCKCREDSIZE(ngroups))
cmsg_level = SOL_SOCKET
cmsg_type = SCM_CREDS

On SOCK_STREAM and SOCK_SEQPACKET sockets credentials are passed only on the first read from a socket, then system clears the option on socket.

Used with SOCK_STREAM sockets, this option causes the connect(2) function to block until accept(2) has been called on the listening socket.
Requested via getsockopt(2) on a SOCK_STREAM socket returns credentials of the remote side. These will arrive in the form of a filled in Vt xucred structure, defined in In sys/ucred.h as follows:
struct xucred {
  u_int cr_version;             /* structure layout version */
  uid_t cr_uid;                 /* effective user id */
  short cr_ngroups;             /* number of groups */
  gid_t cr_groups[XU_NGROUPS];  /* groups */
The Vt cr_version fields should be checked against XUCRED_VERSION define.

The credentials presented to the server (the listen(2) caller) are those of the client when it called connect(2); the credentials presented to the client (the connect(2) caller) are those of the server when it called listen(2). This mechanism is reliable; there is no way for either party to influence the credentials presented to its peer except by calling the appropriate system call (e.g., connect(2) or listen(2)) under different effective credentials.

To reliably obtain peer credentials on a SOCK_DGRAM socket refer to the LOCAL_CREDS socket option.