Unix domain sockets operate differently from regular files. The permissions on the socket file itself determine access, so even if the directory is mounted as read-only (:ro), any process can still connect to the socket if it has the appropriate permissions
til #unix #filesystem