diff --git a/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/net/unix/DomainSocket.c b/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/net/unix/DomainSocket.c
index d05499609f5..b8056b654a9 100644
--- a/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/net/unix/DomainSocket.c
+++ b/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/net/unix/DomainSocket.c
@@ -196,6 +196,21 @@ static jthrowable setup(JNIEnv *env, int *ofd, jobject jpath, int doConnect)
               terror(ret), addr.sun_path);
       goto done;
     }
+    /* We need to make the socket readable and writable for all users in the
+     * system.
+     *
+     * If the system administrator doesn't want the socket to be accessible to
+     * all users, he can simply adjust the +x permissions on one of the socket's
+     * parent directories.
+     *
+     * See HDFS-4485 for more discussion.
+     */
+    if (chmod(addr.sun_path, 0666)) {
+      ret = errno;
+      jthr = newException(env, "java/net/BindException",
+              "chmod(%s, 0666) failed: %s", addr.sun_path, terror(ret));
+      goto done;
+    }
     if (listen(fd, LISTEN_BACKLOG) < 0) {
       ret = errno;
       jthr = newException(env, "java/net/BindException",
diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.HDFS-347.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.HDFS-347.txt
index 8ca55f814d7..37c93d9589c 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.HDFS-347.txt
+++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.HDFS-347.txt
@@ -41,3 +41,5 @@ HDFS-4438. TestDomainSocket fails when system umask is set to 0002. (Colin Patri
 HDFS-4440. Avoid annoying log message when dfs.domain.socket.path is not set. (Colin Patrick McCabe via atm)
 
 HDFS-4473. Don't create domain socket unless we need it. (Colin Patrick McCabe via atm)
+
+HDFS-4485. DN should chmod socket path a+w. (Colin Patrick McCabe via atm)