Can somebody answer my questions on unix sockets?
I want to use unix sockets to have my web application communicate with my web server and avoid the TCP overhead. I am new to unix (OSX, actually), but I understand the basic concepts involved, and my app currently runs fine. However, it is sloppily done - generous permissions all around, etc - and I was hoping somebody could clear up a few of my questions so I can do a more professional job of it. (I know Google has the answers I'm looking for, but, based on how long I've already spent on this, it would probably save me ten hours if you could give me a more tailored response.)
1. What are sockets, actually? I know they're a file on the disk, but I can't see anything in the file. So how do they work? Maybe, when a program creates a socket, it notifies the OS that a certain file is a socket? So then the OS intercepts reads and writes to the file?
2. Is a socket strictly 1 to 1 communication? What would happen if another program on my computer decided to open the socket - could it see everything that passes through it? Could it actually intercept messages and prevent them from being delivered to their intended recipient? Should I do something to protect against this?
3. How should I be handling permissions of the socket file? Let's say the web server is running as _serve and the web application is running as _webapp. Does _webapp own the socket? Should _serve be in the socket's group? Does it even matter?
4. As a follow-up to 3, how can I create "invisible" users? I've read up on dscl and managed to create a new user, but I feel like there's volumes I'm missing. For example: my new user doesn't have a home folder (as intended, as it's not meant to be used by a human), but it still shows up at the login screen. How can I prevent that? Also, what other information should I be associating with users as I create them, other than uid, gid(s), and a password?
If you've read this far, thank you. I know these are pretty basic questions, but please don't give me links unless they specifically address what I'm asking. I've already read a number of "what are sockets?", "what are file permissions?" type pages. Also, please don't hesitate to answer only part of my post.
The file on disk is effectively a dummy (because everything is a file in Unix). It is marked as a socket, but everything stays in RAM.
File permissions on sockets depend on which Unix version you are using. I think OSX, being a BSD, should ignore them.
I do not know the answers to the rest.
Thank you for the reply graeme_p.
So, if you "open a socket", what you're really doing is sending a request to the OS that it notify you when another process sends it (the OS) something with the same socket? And the only reason there's a dummy file is to avoid the need for a separate hash table?
Also, socket file permissions do matter in OSX, though I'm not sure which or how. I was getting an error until I chmod'd the socket to 777 (which was probably overkill).
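Added example, not part of the thread: one way for the web application to create its socket so that only its own user and one group can connect, with a check that each client gets its own connection. The directory path and the `gid` of a group shared with the web server are assumptions; the directory mode is the control to rely on where socket file modes are not enforced.

```python
import os
import socket
import stat


def bind_private_socket(directory, name="app.sock", gid=None):
    """Bind a Unix stream socket reachable only by its owner and one group."""
    os.makedirs(directory, exist_ok=True)
    os.chmod(directory, 0o750)       # directory gates access to the socket
    path = os.path.join(directory, name)
    try:
        if stat.S_ISSOCK(os.lstat(path).st_mode):
            os.unlink(path)          # stale socket left by a previous run
    except FileNotFoundError:
        pass
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old = os.umask(0o177)            # socket never exists with loose modes
    try:
        srv.bind(path)
    finally:
        os.umask(old)
    if gid is not None:              # assumed: group shared with the web server
        os.chown(directory, -1, gid)
        os.chown(path, -1, gid)
    os.chmod(path, 0o660)            # owner and group only, instead of 777
    srv.listen(8)
    return srv, path


def audit(path):
    """Return permission problems for a socket path (empty list means none)."""
    st, parent = os.lstat(path), os.stat(os.path.dirname(path))
    checks = [(not stat.S_ISSOCK(st.st_mode), "not a socket"),
              (st.st_mode & 0o007, "socket is world-accessible"),
              (parent.st_mode & 0o007, "directory is world-accessible")]
    return [msg for bad, msg in checks if bad]


def two_clients(srv, path):
    """Each connect() gets its own stream; a client never sees another's data."""
    clients = [socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) for _ in range(2)]
    for c in clients:
        c.connect(path)
    conns = [srv.accept()[0] for _ in clients]
    for conn, msg in zip(conns, (b"for-a", b"for-b")):
        conn.sendall(msg)
    got = [c.recv(16) for c in clients]
    for s in clients + conns:
        s.close()
    return got
```

Unix socket paths have a short length limit (roughly 100 bytes), so keep the directory path short.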