aboutsummaryrefslogtreecommitdiffstats
s6: the s6-ipcserver program

s6
Software
skarnet.org

The s6-ipcserver program

s6-ipcserver is an UCSPI server tool for Unix domain sockets, i.e. a super-server. It accepts connections from clients, and forks a program to handle each connection.

Interface 

     s6-ipcserver [ -1 ] [ -q | -Q | -v ] [ -d | -D ] [ -P | -p ] [ -a perms ] [ -c maxconn ] [ -C localmaxconn ] [ -b backlog ] [ -G gidlist ] [ -g gid ] [ -u uid ] [ -U ] path prog...
  • s6-ipcserver binds a Unix domain socket to path.
  • It can drop its root privileges.
  • It closes its stdin and stdout.
  • For every client connection to this socket, it forks. The child sets some environment variables, then executes prog... with stdin reading from the socket and stdout writing to it.
  • Depending on the verbosity level, it logs what it does to stderr.
  • It runs until killed by a signal. Depending on the received signal, it may kill its children before exiting.
  • s6-ipcserver actually doesn't do any of this itself. It is a wrapper, rewriting the command line and executing into a chain of programs that perform those duties.

Implementation

  • s6-ipcserver parses the options and arguments it is given, and builds a new command line with them. It then executes into that new command line.
  • The first program s6-ipcserver executes into is s6-ipcserver-socketbinder. It will create and bind a Unix domain socket to path, then execute into the rest of the command line.
  • If a privilege-dropping operation has been requested, the program that s6-ipcserver-socketbinder executes into is s6-applyuidgid. It will drop the root privileges, then execute into the rest of the command line.
  • The next program in the chain is s6-ipcserverd. It is executed into by s6-applyuidgid, or directly by s6-ipcserver-socketbinder if no privilege-dropping operation has been requested. s6-ipcserverd is the long-lived process, the "daemon" itself, accepting connections from clients.
  • For every client, s6-ipcserverd will spawn an instance of prog..., the remainder of the command line.

Options

  • -1 : write a newline to stdout, before closing it, right after binding and listening to the Unix socket. If stdout is suitably redirected, this can be used by monitoring programs to check when the server is ready to accept connections.
  • -q : be quiet.
  • -Q : be normally verbose. This is the default.
  • -v : be verbose.
  • -d : allow instant rebinding to the same path even if it has been used not long ago - this is the SO_REUSEADDR flag to setsockopt() and is generally used with server programs. This is the default. Note that path will be deleted if it already exists at program start time.
  • -D : disallow instant rebinding to the same path.
  • -P : disable client credentials lookups. The IPCREMOTEEUID and IPCREMOTEEGID environment variables will be unset in every instance of prog.... This is the portable option, because not every system supports credential lookup across Unix domain sockets; but it is not as secure.
  • -p : enable client credentials lookups. This is the default; it works at least on Linux, Solaris, and *BSD systems. On systems that do not support it, every connection attempt will fail with a warning message.
  • -c maxconn : accept at most maxconn concurrent connections. Default is 40. It is impossible to set it higher than 1000.
  • -C localmaxconn : accept at most localmaxconn connections from the same user ID. Default is 40. It is impossible to set it higher than maxconn.
  • -b backlog : set a maximum of backlog backlog connections on the socket. Extra connection attempts will rejected by the kernel.
  • -a perms : create the socket with permissions perms, which is an octal number from 0000 to 0777. Default is 0777, meaning everyone can connect to it. 0700 means only processes having the same uid as the s6-ipcserver process can connect to it.
  • -G gidlist : change s6-ipcserver's supplementary group list to gidlist after binding the socket. This is only valid when run as root. gidlist must be a comma-separated list of numerical group IDs.
  • -g gid : change s6-ipcserver's groupid to gid after binding the socket. This is only valid when run as root.
  • -u uid : change s6-ipcserver's userid to uid after binding the socket. This is only valid when run as root.
  • -U : change s6-ipcserver's user id, group id and supplementary group list according to the values of the UID, GID and GIDLIST environment variables after binding the socket. This is only valid when run as root. This can be used with the s6-envuidgid program to easily script a service that binds to a privileged socket then drops its privileges to those of a named non-root account.

Notes

  • s6-ipcserver does not interpret its options itself. It just dispatches them to the appropriate program on the command line that it builds.
  • Previous versions of s6-ipcserver were monolithic: it did the work of s6-ipcserver-socketbinder, s6-applyuidgid and s6-ipcserverd itself. The functionality has now been split into several different programs because some service startup schemes require the daemon to get its socket from an external program instead of creating and binding it itself. The most obvious application of this is upgrading a long-lived process without losing existing connections.
generated by cgit v1.3.1 (git 2.54.0) at 2026-06-26 22:10:11 +0000