[ic] mod_interchange and socket permissions

John Young john_young at sonic.net
Sat Sep 27 13:47:29 EDT 2003

Kaare Rasmussen wrote:

>>Temporarily set permissions at restart:
>>interchange -r SocketPerms=666
> This is more unsecure than should be necessary. I'd like it to be only the 
> specific user and group that are allowed access to the socket.

In interchange.cfg:
SocketPerms 0660

Create a specific group for your web server / httpd (for example, 'wwwsrv').

Place the Interchange socket in a directory with group ownership = httpd 
     (In Linux, chown interch.wwwsrv directoryname)
Set the group ID bit on the directory.
     (In Linux, chmod 2770 directoryname (Solaris requires chmod g+s 

Now, whenever Interchange is started, it will create a socket owned by
your Interchange user, but with a group ownership that httpd can read/write:

srw-rw----   1 interch   wwwsrv        0 Sep 24 01:04 socket

If your httpd group is exclusive enough, that should solve your problem.
I would not allow the httpd user and/or group to read other Interchange
files, though.

John Young

More information about the interchange-users mailing list