message queue permission problem...


Post by Donghyun Jun » Thu, 26 Aug 1999 04:00:00



Quote:

> But, I tried to test other way:
> a qid was opened using 0600 permission mode -- qid=msgget(key,
> IPC_CREAT|0600);
> and then
> $msgq m 644          # This command is successfully.
> $msgq m 666          # This command is successfully.
> $msgq m 644          # This command is failed.
> msgget(): Permission denied.

   Sorry. All of the commands above succeed.

   If the qid is opened with 0600 permission, every attempt to change the
mode succeeds.

 
 
 


Post by John Simpso » Thu, 26 Aug 1999 04:00:00



> > But, I tried to test other way:
> > a qid was opened using 0600 permission mode -- qid=msgget(key,
> > IPC_CREAT|0600);
> > and then
> > $msgq m 644          # This command is successfully.
> > $msgq m 666          # This command is successfully.
> > $msgq m 644          # This command is failed.
> > msgget(): Permission denied.

>    Sorry. All command above is successfully.

>    If qid is opened having a 0600 permission, all exchanging attempt is
> successfully.

Just a note on ftok() for msgget() function.  _Always_ check the return
code from ftok().  In AIX, if ftok() cannot generate an id, it returns a
-1.  IBM changed the value of IPC_PRIVATE from 0 to -1 when they went
from AIX 3.x to AIX 4.x.  This can cause some very * results when
creating the message queues.  Linux 5.2 still uses 0 for IPC_PRIVATE,
but I don't know about other platforms.
--
John H. Simpson Phone: 503-450-2667  FAX: 503-450-3629
CNF AdTech Center. (CNF Transportation, Inc.)
1717 NW 21st St.
Portland, OREGON 97209 USA
for e-mail, remove _not_oj_ from address
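
Simpson's ftok() note above, as an added example that is not part of the original thread: a wrapper that rejects both a failed ftok() and a key equal to IPC_PRIVATE, so msgget() never silently creates a private queue instead of opening the shared one. The helper names checked_ftok() and open_queue() are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/msg.h>

/* Hypothetical helper (not from the thread): derive a key and refuse any
 * value that msgget() would treat as "create a new private queue". */
int checked_ftok(const char *path, int proj_id, key_t *out)
{
    key_t key = ftok(path, proj_id);

    if (key == (key_t)-1)          /* ftok() failed; errno is set */
        return -1;
    if (key == IPC_PRIVATE) {      /* not usable as a shared key */
        errno = EINVAL;
        return -1;
    }
    *out = key;
    return 0;
}

/* Hypothetical helper: open the queue for path/proj_id, creating it with
 * `mode` if it does not exist. Returns the qid, or -1 with errno set. */
int open_queue(const char *path, int proj_id, int mode)
{
    key_t key;

    if (checked_ftok(path, proj_id, &key) == -1)
        return -1;
    return msgget(key, IPC_CREAT | (mode & 0777));
}

int main(void)
{
    int qid = open_queue(".", 'm', 0600);   /* same path and id as the thread */

    if (qid == -1) {
        perror("open_queue");
        return EXIT_FAILURE;
    }
    printf("qid = %d\n", qid);
    /* Demo only: remove the queue so it does not linger in `ipcs -q`. */
    if (msgctl(qid, IPC_RMID, NULL) == -1)
        perror("msgctl(IPC_RMID)");
    return EXIT_SUCCESS;
}
```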

 
 
 


Post by Donghyun Jun » Fri, 27 Aug 1999 04:00:00


I am sorry for my poor English, but I believe that you can suggest a solution.

I created a message queue using msgget() after ftok().

Let's assume that this is qid, the executable file name is 'msgq', and the
'm' option changes the message queue permission mode (the value of
msg_perm.mode).

The qid was opened as follows:
key=ftok(".", 'm');
qid=msgget(key, IPC_CREAT|0666);

Then I tested whether the qid opens correctly, like this:
$ msgq m 644         # This command succeeds.
$ msgq m 666         # This command fails.
msgget(): Permission denied

I get the error message "Permission denied".
I understood the reason to be that 'msgq', using a permission of 0666,
accessed a qid whose permission mode had already been changed from 0666 to
0644.
Right?

But I tried testing another way:
the qid was opened using 0600 permission mode -- qid=msgget(key,
IPC_CREAT|0600);
and then
$msgq m 644          # This command succeeds.
$msgq m 666          # This command succeeds.
$msgq m 644          # This command fails.
msgget(): Permission denied.

Why did this happen?
I am the owner of the qid. The owner permission wasn't changed -- always 6,
read and write.
But I got an error when changing from a higher permission to a lower
permission (0666->0644, etc.).

I am wondering about the difference between the former error and the latter
error, and about the reason, if my assumption -- that the error occurred only
when changing from high to low -- is correct.

Finally, is there a way to prevent this error message and still change the
permission?

Thanks for reading.

 
 
 


Post by Donghyun Jun » Fri, 27 Aug 1999 04:00:00





> > > But, I tried to test other way:
> > > a qid was opened using 0600 permission mode -- qid=msgget(key,
> > > IPC_CREAT|0600);
> > > and then
> > > $msgq m 644          # This command is successfully.
> > > $msgq m 666          # This command is successfully.
> > > $msgq m 644          # This command is failed.
> > > msgget(): Permission denied.

> >    Sorry. All command above is successfully.

> >    If qid is opened having a 0600 permission, all exchanging attempt is
> > successfully.

> Just a note on ftok() for msgget() function.  _Always_ check the return
> code from ftok().  In AIX, if ftok() cannot generate an id, it returns a
> -1.  IBM changed the value of IPC_PRIVATE from 0 to -1 when they went
> from AIX 3.x to AIX 4.x.  This can cause some very * results when
> creating the message queues.  Linux 5.2 still uses 0 for IPC_PRIVATE,
> but I don't know about other platforms.
> --
> John H. Simpson Phone: 503-450-2667  FAX: 503-450-3629
> CNF AdTech Center. (CNF Transportation, Inc.)
> 1717 NW 21st St.
> Portland, OREGON 97209 USA
> for e-mail, remove _not_oj_ from address

Thanks for your reply.....

I checked the return value of ftok() as follows:

/* create unique key value via call to ftok() */
if((key=ftok(".", 'm'))==-1) {
        perror("ftok()");
        exit(EXIT_FAILURE);
}

/* open the queue and create if necessary */
if((qid = msgget(key, IPC_CREAT|0666)) == -1) {
        perror("msgget()");
        exit(EXIT_FAILURE);
}

I work on SunOS 5.5.1. The value of IPC_PRIVATE is 0 on SunOS 5.5.1 and
FreeBSD 2.2.7.

I am confused. I don't know what to do.
Why does an error occur when a message queue with the permission of 0666 is
opened?

 
 
 

1. Message Queue Permissions?

Hi folks,

I'm encountering some problems with message queue permissions. It seems
that the permissions only act as expected when the 'real' user id of the
invoking program (trying to access the message queues) is root. For instance,
if a program is invoked from the '/etc/rc' scripts or from cron, everything
acts as expected (note that the effective user id in these cases is a normal
user, via 'su -c' for the '/etc/rc' scripts). But, when the actual user
submits the same program from the command line, the permissions behave
differently.

More specifically, the root-executed programs can access the message queues
(for write) as expected, but the non-root-executed programs are denied access
if they aren't in the same group as the creator of the message queue.

The mode field from an 'ipcs -qa' looks like this ....

   MODE
   --rw--w--w-  

I interpret the status line above to mean that anyone can write to the
message queue, but only the message queue's creator can read from the
message queue. I could just change every user to belong to the same group,
but this doesn't seem necessary according to my understanding of how message
queue permissions should work. Any ideas? By the way, the platform in question
is a DG Aviion box, running DG/UX.

--------------------------------------------------------------------------------
Regards,                        Phone: (416) 947-4269

                                Post:  2 First Canadian Place
Floor & Product System                 Toronto, Ontario
The Toronto Stock Exchange             M5X-1J2
