difference between local and inet socket? Announcing the arrival of Valued Associate #679:...
Why does tar appear to skip file contents when output file is /dev/null?
Are my PIs rude or am I just being too sensitive?
Passing functions in C++
How should I respond to a player wanting to catch a sword between their hands?
Two different pronunciation of "понял"
What do you call the holes in a flute?
Stop battery usage [Ubuntu 18]
Single author papers against my advisor's will?
Is above average number of years spent on PhD considered a red flag in future academia or industry positions?
Using "nakedly" instead of "with nothing on"
What are the performance impacts of 'functional' Rust?
How do you clear the ApexPages.getMessages() collection in a test?
Active filter with series inductor and resistor - do these exist?
What's the difference between (size_t)-1 and ~0?
Writing Thesis: Copying from published papers
New Order #5: where Fibonacci and Beatty meet at Wythoff
How do I automatically answer y in bash script?
Do we know why communications with Beresheet and NASA were lost during the attempted landing of the Moon lander?
How can I make names more distinctive without making them longer?
Limit for e and 1/e
What LEGO pieces have "real-world" functionality?
Working around an AWS network ACL rule limit
If I can make up priors, why can't I make up posteriors?
How are presidential pardons supposed to be used?
difference between local and inet socket?
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
Come Celebrate our 10 Year Anniversary!What's the difference between Unix socket and TCP/IP socket?Forward local port or socket file to remote socket fileNetwork access issues after upgrading to SqueezeWhen to use a MySQL socket and when to use a host:port?When using netstat on a listening port what is the difference between localhost:6666 and [::]:6666 in 'Local Address' fieldConfiguring Postfix to use milter (archiveSMTP)Difference between TCP ping and Socket Connection“lost connection after UNKNOWN” (OpenDKIM + postfix receiving emails)How to correctly set up routing on machine with 4 interfaces so that three of interfaces are on the same subnet?How to route between two interfaces?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
I noticed that, while setting up opendkim, the options for the Socket are:
#SOCKET="local:/var/run/opendkim/opendkim.sock" # default
#SOCKET="inet:54321" # listen on all interfaces on port 54321
#SOCKET="inet:12345@localhost" # listen on loopback on port 12345
#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
What is the difference (if any) between the local:[...].sock socket and the inet:[...]@localhost socket? Do user permissions come into play for one or the other? Is there a security benefit from using one or the other? Are there any functional differences at all?
networking debian socket opendkim
add a comment |
I noticed that, while setting up opendkim, the options for the Socket are:
#SOCKET="local:/var/run/opendkim/opendkim.sock" # default
#SOCKET="inet:54321" # listen on all interfaces on port 54321
#SOCKET="inet:12345@localhost" # listen on loopback on port 12345
#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
What is the difference (if any) between the local:[...].sock socket and the inet:[...]@localhost socket? Do user permissions come into play for one or the other? Is there a security benefit from using one or the other? Are there any functional differences at all?
networking debian socket opendkim
The local: socket is a file which resides on the filesystem and the inet@localhost socket is a network port. Yes. Yes. Probably. But to answer it in the form of an Answer is much more involved. If I'm not mistaken, there's not supposed to be any functional difference between the two, but over a decade ago, they each had a set of quirks due to the parts of the implementations that aren't shared, and it came down to which set of quirks you were more able to handle. That was a decade ago, and I'm out of date on those details now, as there have been many updates since then.
– Ed Grimm
Feb 4 at 5:04
I don't doubt that the answer would be pretty complicated. I consider myself a proficient Googler and couldn't find anything on the subject!
– user508305
Feb 4 at 20:51
I think what most people first try the localhost one and see if they can get that to work for them, as there is often at least some desire to be able to expose it to networking, so that you could, for example, have a common milter server that your email servers shared. Or possibly even have load balanced milter servers that your independently load balanced mail servers shared. If the quirks with the localhost socket prove too much, then try the unix socket file to see if it works better.
– Ed Grimm
Feb 5 at 3:41
add a comment |
I noticed that, while setting up opendkim, the options for the Socket are:
#SOCKET="local:/var/run/opendkim/opendkim.sock" # default
#SOCKET="inet:54321" # listen on all interfaces on port 54321
#SOCKET="inet:12345@localhost" # listen on loopback on port 12345
#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
What is the difference (if any) between the local:[...].sock socket and the inet:[...]@localhost socket? Do user permissions come into play for one or the other? Is there a security benefit from using one or the other? Are there any functional differences at all?
networking debian socket opendkim
I noticed that, while setting up opendkim, the options for the Socket are:
#SOCKET="local:/var/run/opendkim/opendkim.sock" # default
#SOCKET="inet:54321" # listen on all interfaces on port 54321
#SOCKET="inet:12345@localhost" # listen on loopback on port 12345
#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
What is the difference (if any) between the local:[...].sock socket and the inet:[...]@localhost socket? Do user permissions come into play for one or the other? Is there a security benefit from using one or the other? Are there any functional differences at all?
networking debian socket opendkim
networking debian socket opendkim
asked Feb 3 at 22:31
user508305
The local: socket is a file which resides on the filesystem and the inet@localhost socket is a network port. Yes. Yes. Probably. But to answer it in the form of an Answer is much more involved. If I'm not mistaken, there's not supposed to be any functional difference between the two, but over a decade ago, they each had a set of quirks due to the parts of the implementations that aren't shared, and it came down to which set of quirks you were more able to handle. That was a decade ago, and I'm out of date on those details now, as there have been many updates since then.
– Ed Grimm
Feb 4 at 5:04
I don't doubt that the answer would be pretty complicated. I consider myself a proficient Googler and couldn't find anything on the subject!
– user508305
Feb 4 at 20:51
I think what most people first try the localhost one and see if they can get that to work for them, as there is often at least some desire to be able to expose it to networking, so that you could, for example, have a common milter server that your email servers shared. Or possibly even have load balanced milter servers that your independently load balanced mail servers shared. If the quirks with the localhost socket prove too much, then try the unix socket file to see if it works better.
– Ed Grimm
Feb 5 at 3:41
add a comment |
The local: socket is a file which resides on the filesystem and the inet@localhost socket is a network port. Yes. Yes. Probably. But to answer it in the form of an Answer is much more involved. If I'm not mistaken, there's not supposed to be any functional difference between the two, but over a decade ago, they each had a set of quirks due to the parts of the implementations that aren't shared, and it came down to which set of quirks you were more able to handle. That was a decade ago, and I'm out of date on those details now, as there have been many updates since then.
– Ed Grimm
Feb 4 at 5:04
I don't doubt that the answer would be pretty complicated. I consider myself a proficient Googler and couldn't find anything on the subject!
– user508305
Feb 4 at 20:51
I think what most people first try the localhost one and see if they can get that to work for them, as there is often at least some desire to be able to expose it to networking, so that you could, for example, have a common milter server that your email servers shared. Or possibly even have load balanced milter servers that your independently load balanced mail servers shared. If the quirks with the localhost socket prove too much, then try the unix socket file to see if it works better.
– Ed Grimm
Feb 5 at 3:41
The local: socket is a file which resides on the filesystem and the inet@localhost socket is a network port. Yes. Yes. Probably. But to answer it in the form of an Answer is much more involved. If I'm not mistaken, there's not supposed to be any functional difference between the two, but over a decade ago, they each had a set of quirks due to the parts of the implementations that aren't shared, and it came down to which set of quirks you were more able to handle. That was a decade ago, and I'm out of date on those details now, as there have been many updates since then.
– Ed Grimm
Feb 4 at 5:04
The local: socket is a file which resides on the filesystem and the inet@localhost socket is a network port. Yes. Yes. Probably. But to answer it in the form of an Answer is much more involved. If I'm not mistaken, there's not supposed to be any functional difference between the two, but over a decade ago, they each had a set of quirks due to the parts of the implementations that aren't shared, and it came down to which set of quirks you were more able to handle. That was a decade ago, and I'm out of date on those details now, as there have been many updates since then.
– Ed Grimm
Feb 4 at 5:04
I don't doubt that the answer would be pretty complicated. I consider myself a proficient Googler and couldn't find anything on the subject!
– user508305
Feb 4 at 20:51
I don't doubt that the answer would be pretty complicated. I consider myself a proficient Googler and couldn't find anything on the subject!
– user508305
Feb 4 at 20:51
I think what most people first try the localhost one and see if they can get that to work for them, as there is often at least some desire to be able to expose it to networking, so that you could, for example, have a common milter server that your email servers shared. Or possibly even have load balanced milter servers that your independently load balanced mail servers shared. If the quirks with the localhost socket prove too much, then try the unix socket file to see if it works better.
– Ed Grimm
Feb 5 at 3:41
I think what most people first try the localhost one and see if they can get that to work for them, as there is often at least some desire to be able to expose it to networking, so that you could, for example, have a common milter server that your email servers shared. Or possibly even have load balanced milter servers that your independently load balanced mail servers shared. If the quirks with the localhost socket prove too much, then try the unix socket file to see if it works better.
– Ed Grimm
Feb 5 at 3:41
add a comment |
1 Answer
1
active
oldest
votes
Opendkim uses "local:" to refer to a unix domain socket, inet: to refer to an inet domain (ipv4) socket and inet6 to refer to an inet6 domain (ipv6) socket.
Unix domain sockets are local to a single machine and listening unix domain sockets live in the file-system hierarchy. Access can be controlled through file permissions and the server application can check which user has connected (I do not know if opendkim uses this feature). There are also some special features available but I don't think they are relevant here.
inet domain sockets may be bound to either an individual ipv4 address or to the 0.0.0.0 wildcard for all ipv4 addresses assigned to the machine. If it's bound to localhost (127.0.0.1) then it can only be accessed by applications on the same machine, but you can't easily restrict it more than that.
inet6 domain sockets again can be bound to either an individual ipv6 address or bound to the wildcard "::" for all ipv6 addresses assigned to the machine. In some cases (depending on sysctl configuration and socket options used by the application) it is possible for an inet6 socket listening on all interfaces to also accept ipv4 connections.
answered 18 mins ago
Peter GreenPeter Green
3,001625
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f952155%2fdifference-between-local-and-inet-socket%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Opendkim uses "local:" to refer to a unix domain socket, inet: to refer to an inet domain (ipv4) socket and inet6 to refer to an inet6 domain (ipv6) socket.
Unix domain sockets are local to a single machine and listening unix domain sockets live in the file-system hierarchy. Access can be controlled through file permissions and the server application can check which user has connected (I do not know if opendkim uses this feature). There are also some special features available but I don't think they are relevant here.
inet domain sockets may be bound to either an individual ipv4 address or to the 0.0.0.0 wildcard for all ipv4 addresses assigned to the machine. If it's bound to localhost (127.0.0.1) then it can only be accessed by applications on the same machine, but you can't easily restrict it more than that.
inet6 domain sockets again can be bound to either an individual ipv6 address or bound to the wildcard "::" for all ipv6 addresses assigned to the machine. In some cases (depending on sysctl configuration and socket options used by the application) it is possible for an inet6 socket listening on all interfaces to also accept ipv4 connections.
answered 18 mins ago
Peter GreenPeter Green
3,001625
add a comment |
Opendkim uses "local:" to refer to a unix domain socket, inet: to refer to an inet domain (ipv4) socket and inet6 to refer to an inet6 domain (ipv6) socket.
Unix domain sockets are local to a single machine and listening unix domain sockets live in the file-system hierarchy. Access can be controlled through file permissions and the server application can check which user has connected (I do not know if opendkim uses this feature). There are also some special features available but I don't think they are relevant here.
inet domain sockets may be bound to either an individual ipv4 address or to the 0.0.0.0 wildcard for all ipv4 addresses assigned to the machine. If it's bound to localhost (127.0.0.1) then it can only be accessed by applications on the same machine, but you can't easily restrict it more than that.
inet6 domain sockets again can be bound to either an individual ipv6 address or bound to the wildcard "::" for all ipv6 addresses assigned to the machine. In some cases (depending on sysctl configuration and socket options used by the application) it is possible for an inet6 socket listening on all interfaces to also accept ipv4 connections.
answered 18 mins ago
Peter GreenPeter Green
3,001625
add a comment |
Opendkim uses "local:" to refer to a unix domain socket, inet: to refer to an inet domain (ipv4) socket and inet6 to refer to an inet6 domain (ipv6) socket.
Unix domain sockets are local to a single machine and listening unix domain sockets live in the file-system hierarchy. Access can be controlled through file permissions and the server application can check which user has connected (I do not know if opendkim uses this feature). There are also some special features available but I don't think they are relevant here.
inet domain sockets may be bound to either an individual ipv4 address or to the 0.0.0.0 wildcard for all ipv4 addresses assigned to the machine. If it's bound to localhost (127.0.0.1) then it can only be accessed by applications on the same machine, but you can't easily restrict it more than that.
inet6 domain sockets again can be bound to either an individual ipv6 address or bound to the wildcard "::" for all ipv6 addresses assigned to the machine. In some cases (depending on sysctl configuration and socket options used by the application) it is possible for an inet6 socket listening on all interfaces to also accept ipv4 connections.
answered 18 mins ago
Peter GreenPeter Green
3,001625
Opendkim uses "local:" to refer to a unix domain socket, inet: to refer to an inet domain (ipv4) socket and inet6 to refer to an inet6 domain (ipv6) socket.
Unix domain sockets are local to a single machine and listening unix domain sockets live in the file-system hierarchy. Access can be controlled through file permissions and the server application can check which user has connected (I do not know if opendkim uses this feature). There are also some special features available but I don't think they are relevant here.
inet domain sockets may be bound to either an individual ipv4 address or to the 0.0.0.0 wildcard for all ipv4 addresses assigned to the machine. If it's bound to localhost (127.0.0.1) then it can only be accessed by applications on the same machine, but you can't easily restrict it more than that.
inet6 domain sockets again can be bound to either an individual ipv6 address or bound to the wildcard "::" for all ipv6 addresses assigned to the machine. In some cases (depending on sysctl configuration and socket options used by the application) it is possible for an inet6 socket listening on all interfaces to also accept ipv4 connections.
answered 18 mins ago
Peter GreenPeter Green
3,001625
answered 18 mins ago
Peter GreenPeter Green
3,001625
answered 18 mins ago
Peter GreenPeter Green
3,001625
answered 18 mins ago
Peter GreenPeter Green
3,001625
3,001625
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f952155%2fdifference-between-local-and-inet-socket%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
The local: socket is a file which resides on the filesystem and the inet@localhost socket is a network port. Yes. Yes. Probably. But to answer it in the form of an Answer is much more involved. If I'm not mistaken, there's not supposed to be any functional difference between the two, but over a decade ago, they each had a set of quirks due to the parts of the implementations that aren't shared, and it came down to which set of quirks you were more able to handle. That was a decade ago, and I'm out of date on those details now, as there have been many updates since then.
– Ed Grimm
Feb 4 at 5:04
I don't doubt that the answer would be pretty complicated. I consider myself a proficient Googler and couldn't find anything on the subject!
– user508305
Feb 4 at 20:51
I think what most people first try the localhost one and see if they can get that to work for them, as there is often at least some desire to be able to expose it to networking, so that you could, for example, have a common milter server that your email servers shared. Or possibly even have load balanced milter servers that your independently load balanced mail servers shared. If the quirks with the localhost socket prove too much, then try the unix socket file to see if it works better.
– Ed Grimm
Feb 5 at 3:41