[−][src]Crate unix_cred
unix-cred
unix-cred
provides simple, cross-platform interfaces to read peer credentials from Unix
sockets. (OS-specific interfaces are also exposed if the extra functionality is necessary).
Stream vs. Datagram sockets
Some platforms support reading peer credentials from datagram sockets using ancillary messages.
Currently, unix-cred
does not support this; only stream sockets are supported.
Which credentials am I getting?
On all currently supported platforms, both of the following are true:
- The UID and GID returned by these interfaces are the effective UID/GID, not the real or saved UID/GID.
- The credentials returned are cached at the time that the
connect()
/socketpair()
call was made. (So if the process later drops privileges, or passes the file descriptor to an unprivileged process, it will still be shown as having elevated privileges.)
What are the other modules I see in this crate?
The ucred
and xucred
modules expose the OS-specific interfaces. ucred
provides the
Linux/OpenBSD/NetBSD interface, and xucred
provides the macOS/FreeBSD/DragonFlyBSD interface.
ucred
is not particularly useful; in most cases you should use get_peer_ids()
or
get_peer_pid_ids()
, which are more cross-platform. However, xucred
can be helpful since it
provides access to the process's full supplementary group list.
Modules
ucred | The |
Functions
get_peer_ids | Get the UID and GID of the given socket's peer. |
get_peer_pid_ids | Get the PID, UID, and GID of the given socket's peer. |