added 665 characters in body
user313992


You missed this in that same unix(7) manpage you're quoting from:

On Linux, connecting to a stream socket object requires write permission on that socket; sending a datagram to a datagram socket likewise requires write permission on that socket.

Of course, you also need search (execute) permission to all the leading directories from its path, just like with any other file.

The part you're quoting refers to creating a socket, which only happens when bind(2)ing to it, which is what nc -l -U /path/to/sock does. Again, just like with creating any other file, the umask will affect the permissions of the created socket (umask == 022 => no write permission for other users => they cannot connect to the socket):

$ umask
0022
$ nc -Ul sock
^C
$ ls -l sock
srwxr-xr-x 1 xxx xxx 0 Oct 16 18:35 sock
^    ^  ^

Binding to a unix domain socket always has to create it from scratch. You cannot bind to an existing file; that will fail with EADDRINUSE. Consequently, most programs (including nc) will forcefully remove any file with the same name before binding to it:

$ echo text > file
$ strace nc -l -U file
...
socket(AF_UNIX, SOCK_STREAM, 0)         = 3
unlink("file")                          = 0
bind(3, {sa_family=AF_UNIX, sun_path="file"}, 110) = 0
listen(3, 5)                            = 0
accept4(3, 

NB: both snippets talk about the on-disk "socket" special file / inode, not about the inode representing the active socket object (which appears in /proc/<pid>/fd, /proc/net/unix, etc):

$ nc -lU sock &
[1] 4424
$ ls -li sock
20983212 srwxr-xr-x 1 xxx xxx 0 Oct 17 18:01 sock
^^^^^^^^
$ ls -li /proc/4424/fd
total 0
43825 lrwx------ 1 xxx xxx 64 Oct 17 18:02 0 -> /dev/pts/4
43826 lrwx------ 1 xxx xxx 64 Oct 17 18:02 1 -> /dev/pts/4
43827 lrwx------ 1 xxx xxx 64 Oct 17 18:02 2 -> /dev/pts/4
43828 lrwx------ 1 xxx xxx 64 Oct 17 18:02 3 -> socket:[46378]
                                                        ^^^^^
$ grep 46378 /proc/net/unix
00000000ee8c0faa: 00000002 00000000 00010000 0001 01 46378 sock
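The following C program is an added example written for this page, not code from the answer above or from nc. It walks through the three points the answer makes: bind(2) creates the on-disk node subject to the umask, a second bind to the existing path fails with EADDRINUSE unless the node is unlinked first, and the node outlives the listening descriptor. The scratch location under /tmp, the umask of 077 and the helper names are this example's own choices. The connect at the end runs as the same user, so it succeeds; the EACCES that unix(7) describes only appears when a different uid, lacking write permission on the node, tries to connect.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Fill a sockaddr_un for `path`; returns 0, or -1 with errno set. */
static int make_addr(const char *path, struct sockaddr_un *sa)
{
    memset(sa, 0, sizeof *sa);
    sa->sun_family = AF_UNIX;
    if (strlen(path) >= sizeof sa->sun_path) {
        errno = ENAMETOOLONG;
        return -1;
    }
    strcpy(sa->sun_path, path);
    return 0;
}

/* Create the listening socket node at `path` under umask `mask`.
 * bind(2) creates the node like any other file (mode 0777 & ~mask), so a
 * mask of 077 leaves group/other without write permission and the unix(7)
 * rule then denies their connect(). Returns the fd or -1 (errno set). */
static int bind_unix_listener(const char *path, mode_t mask)
{
    struct sockaddr_un sa;
    if (make_addr(path, &sa) < 0) return -1;
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;

    mode_t old = umask(mask);              /* applies to the node bind() creates */
    int rc = bind(fd, (struct sockaddr *)&sa, sizeof sa);
    int saved = errno;
    umask(old);                            /* restore the caller's umask */
    if (rc < 0 || listen(fd, 5) < 0) {
        if (rc == 0) { saved = errno; unlink(path); }
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Permission bits (mode & 0777) of the node at `path` if it is a socket
 * node, else -1: this is what `ls -l` renders as srwx------ and so on. */
static int socket_node_mode(const char *path)
{
    struct stat st;
    if (stat(path, &st) < 0 || !S_ISSOCK(st.st_mode)) return -1;
    return (int)(st.st_mode & 0777);
}

/* bind() a fresh socket to a path that already exists, skipping the
 * unlink() that nc does first. Returns the errno (EADDRINUSE expected),
 * or 0 if the bind unexpectedly succeeded. */
static int bind_without_unlink(const char *path)
{
    struct sockaddr_un sa;
    if (make_addr(path, &sa) < 0) return errno;
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return errno;
    int err = bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ? errno : 0;
    close(fd);
    return err;
}

/* connect() to the listener; returns 0 on success or the errno. For a
 * different uid against a 0700 node this is where EACCES would appear. */
static int connect_unix(const char *path)
{
    struct sockaddr_un sa;
    if (make_addr(path, &sa) < 0) return errno;
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return errno;
    int err = connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ? errno : 0;
    close(fd);
    return err;
}

/* Whole sequence in a private temp dir (constructed location). Returns 0 on
 * success and fills: the node mode right after bind, the errno of a second
 * bind, the same-user connect result, and the node mode after the listening
 * fd is closed (the node persists until unlink). */
static int run_demo(int *mode, int *dup_err, int *conn_err, int *after_close)
{
    char dir[] = "/tmp/unixsock.XXXXXX";
    if (!mkdtemp(dir)) return -1;
    char path[sizeof dir + 8];
    snprintf(path, sizeof path, "%s/sock", dir);

    int fd = bind_unix_listener(path, 077);
    if (fd < 0) { rmdir(dir); return -1; }
    *mode = socket_node_mode(path);
    *dup_err = bind_without_unlink(path);
    *conn_err = connect_unix(path);        /* same user: still allowed */

    close(fd);                             /* active socket object goes away */
    *after_close = socket_node_mode(path); /* on-disk node is still there   */
    unlink(path);
    rmdir(dir);
    return 0;
}

int main(void)
{
    int mode, dup_err, conn_err, after_close;
    if (run_demo(&mode, &dup_err, &conn_err, &after_close) < 0) {
        perror("demo");
        return 1;
    }
    printf("node mode %04o, rebind: %s, connect: %s, node after close: %04o\n",
           mode, strerror(dup_err), conn_err ? strerror(conn_err) : "ok",
           after_close);
    return 0;
}
```

Build with `cc demo.c -o demo && ./demo`. Setting the umask before bind(2) is deliberate: a chmod after bind would leave a window in which the node is world-writable and therefore connectable, whereas the mask applies at the moment the node is created. The stale node after close() is why daemons unlink their socket path before binding, exactly as the strace of nc above shows.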
added 7 characters in body
added 45 characters in body
added 467 characters in body
added 564 characters in body