User permission to create new File Descriptor

Mat asked:

On CentOS 8 I have a Bash script which uses a non-standard file descriptor (/dev/fd/5) and needs to be executed by a standard user (not root).

When the user executes the script it receives

tee: /dev/fd/5: Permission denied

The code snippet which is raising this error is this:

# Print message both to stdout and FD5
msg() {
    msg="$1"
    echo "$msg" | tee /dev/fd/5
}

What kind of permission I should give to user to let it create and use a new File Descriptor?

My answer:


There’s no permission you can give for a program to write to a read only section of the /proc filesystem.

Take a look at the path you used /dev/fd/5. Notice that /dev/fd is actually a symlink to /proc/self/fd. This means that these descriptors reference each program’s own open files.

When you ask tee to write to /dev/fd/5 it can’t do so because /proc/self/fd/5 doesn’t exist. It doesn’t exist because tee didn’t open it. And the kernel won’t allow it to be created as a regular file.

If the file descriptor was opened by the script, then you should just send output there directly.

echo "$msg" >&5

If the file descriptor was not opened by the script, you need to rethink your approach to whatever you are doing.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.