s6
Software
skarnet.org
The s6-ipcserver program
s6-ipcserver is an
UCSPI server tool for
Unix domain sockets, i.e. a super-server.
It accepts connections from clients, and forks a
program to handle each connection.
Interface
s6-ipcserver [ -1 ] [ -q | -Q | -v ] [ -d | -D ] [ -P | -p ] [ -c maxconn ] [ -C localmaxconn ] [ -b backlog ] [ -G gidlist ] [ -g gid ] [ -u uid ] [ -U ] path prog...
- s6-ipcserver binds a Unix domain socket to path.
- It can drop its root privileges.
- It closes its stdin and stdout.
- For every client connection to this socket, it
forks. The child sets some environment variables, then
executes prog... with stdin reading from the socket and
stdout writing to it.
- Depending on the verbosity level, it logs what it does to stderr.
- It runs until killed by a signal. Depending on the received
signal, it may kill its children before exiting.
- s6-ipcserver actually doesn't do any of this itself. It is
a wrapper, rewriting the command line and executing into a chain
of programs that perform those duties.
Implementation
- s6-ipcserver parses the options and arguments it is given, and
builds a new command line with them. It then executes into that new
command line.
- The first program s6-ipcserver executes into is
s6-ipcserver-socketbinder.
It will create and bind a Unix domain socket to path, then
execute into the rest of the command line.
- If a privilege-dropping operation has been requested, the
program that s6-ipcserver-socketbinder executes into is
s6-applyuidgid.
It will drop the root privileges, then execute into the rest of the
command line.
- The next program in the chain is
s6-ipcserverd. It is executed into
by s6-applyuidgid, or directly by s6-ipcserver-socketbinder if no
privilege-dropping operation has been requested. s6-ipcserverd is
the long-lived process, the "daemon" itself, accepting connections
from clients.
- For every client, s6-ipcserverd will spawn an instance of
prog..., the remainder of the command line.
Options
- -1 : write a newline to stdout, before
closing it, right after binding and listening to the Unix socket.
If stdout is suitably redirected, this can be used by monitoring
programs to check when the server is ready to accept connections.
- -q : be quiet.
- -Q : be normally verbose. This is the default.
- -v : be verbose.
- -d : allow instant rebinding to the same path
even if it has been used not long ago - this is the SO_REUSEADDR flag to
setsockopt()
and is generally used with server programs. This is the default. Note that
path will be deleted if it already exists at program start time.
- -D : disallow instant rebinding to the same path.
- -P : disable client credentials lookups. The
IPCREMOTEEUID and IPCREMOTEEGID environment variables will be unset
in every instance of prog.... This is the portable option,
because not every system supports credential lookup across Unix domain
sockets; but it is not as secure.
- -p : enable client credentials lookups. This
is the default; it works at least on Linux, Solaris, and
*BSD systems. On systems that do not support it, every connection
attempt will fail with a warning message.
- -c maxconn : accept at most
maxconn concurrent connections. Default is 40. It is
impossible to set it higher than 1000.
- -C localmaxconn : accept at most
localmaxconn connections from the same user ID.
Default is 40. It is impossible to set it higher than maxconn.
- -b backlog : set a maximum of
backlog backlog connections on the socket. Extra
connection attempts will rejected by the kernel.
- -G gidlist : change s6-ipcserver's
supplementary group list to gidlist after binding the socket.
This is only valid when run as root. gidlist must be a
comma-separated list of numerical group IDs.
- -g gid : change s6-ipcserver's groupid
to gid after binding the socket. This is only valid when run
as root.
- -u uid : change s6-ipcserver's userid
to uid after binding the socket. This is only valid when run
as root.
- -U : change s6-ipcserver's user id, group id and
supplementary group list
according to the values of the UID, GID and GIDLIST environment variables
after binding the socket. This is only valid when run as root.
This can be used with the
s6-envuidgid
program to easily script a service that binds to a privileged socket
then drops its privileges to those of a named non-root account.
Notes
- s6-ipcserver does not interpret its options itself. It just
dispatches them to the appropriate program on the command line that
it builds.
- Previous versions of s6-ipcserver were
monolithic: it did the work of s6-ipcserver-socketbinder,
s6-applyuidgid and s6-ipcserverd itself. The functionality has now
been split into several different programs because some service startup
schemes require the daemon to get its socket from an external
program instead of creating and binding it itself. The most obvious
application of this is upgrading a long-lived process without
losing existing connections.