Here's a preview from my zine, Bite Size Linux!! If you want to see more comics like this, sign up for my Saturday comics newsletter or browse more comics!

unix domain sockets are files

$ file mysock.sock
socket

the file’s permissions determine who can send data to the socket.

they let 2 programs on the same computer communicate

Docker uses Unix domain sockets, for example!

process: GET /container (HTTP request)
Docker: Here you go!

There are 2 kinds of unix domain sockets

  • stream: Like TCP! Lets you send a continuous stream of bytes
  • datagram: Like UDP! Lets you send discrete chunks of data

advantage 1

Lets you use file permissions to restrict access to HTTP/database services!

chmod 600 secret.sock

This is why Docker uses a unix domain socket. (lock icon)

evil process: run evil container
Linux, nonplussed: permission denied

advantage 2

UDP sockets aren’t always reliable (even on the same computer).

unix domain datagram sockets ARE reliable! And they won’t reorder packets!

Process: I can send data and I KNOW it’ll arrive

advantage 3

You can send a file descriptor over a unix domain socket. Useful when handling untrusted input files.

process: here’s a file I downloaded from sketchy.com (putting it into video decoder, a sandboxed process)
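
Advantage 3 as an added example (not part of the original comic): a trusted process opens a file read-only and passes only the open descriptor over a unix domain socket to a child that stands in for the decoder. The function names and sample bytes are constructed, the sandboxing itself is assumed rather than implemented, and it needs Python 3.9+ for `send_fds`/`recv_fds`.

```python
import os
import socket
import tempfile

def decoder(sock):
    """Receiving side (hypothetical decoder): gets an open fd, never a path."""
    msg, fds, flags, _ = socket.recv_fds(sock, 1024, 1)
    # Failure mode: ancillary data truncated or no descriptor attached.
    if flags & socket.MSG_CTRUNC or len(fds) != 1:
        for fd in fds:
            os.close(fd)
        sock.sendall(b"ERR no descriptor")
        return
    with os.fdopen(fds[0], "rb") as f:   # read through the inherited fd
        data = f.read()
    sock.sendall(b"OK %d bytes, label=%s" % (len(data), msg))

def hand_off(path, label=b"untrusted"):
    """Trusted side: open the file read-only and send only the descriptor."""
    parent, child = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = os.fork()
    if pid == 0:                         # child plays the decoder process
        parent.close()
        try:
            decoder(child)
        finally:
            os._exit(0)
    child.close()
    fd = os.open(path, os.O_RDONLY)      # receiver gets read access only
    try:
        socket.send_fds(parent, [label], [fd])
    finally:
        os.close(fd)                     # the receiver holds its own copy
    reply = parent.recv(1024)
    parent.close()
    os.waitpid(pid, 0)
    return reply

def demo():
    # Constructed sample input standing in for the downloaded file.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample bytes")
    try:
        return hand_off(tmp.name)
    finally:
        os.unlink(tmp.name)

if __name__ == "__main__":
    print(demo())
```

Because the receiver only ever holds a read-only descriptor, it can run without any filesystem access of its own and still process the file.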

© Julia Evans 2025 | All rights reserved (see the FAQ for notes about licensing)