As we described earlier, when we open a file, the kernel performs its access tests based on the effective user and group IDs. There are times when a process wants to test accessibility based on the real user and group IDs. This is useful when a process is running as someone else, using either the set-user-ID or the set-group-ID feature. Even though a process might be set-user-ID to root, it could still want to verify that the real user can access a given file. The access function bases its tests on the real user and group IDs. (Replace effective with real in the four steps at the end of Section 4.5.)
|
#include <unistd.h> int access(const char *pathname, int mode); |
|
Returns: 0 if OK, 1 on error |
The mode is the bitwise OR of any of the constants shown in Figure 4.7.
Figure 4.7. The mode constants for access function, from <unistd.h>
|
mode |
Description |
|---|---|
|
R_OK |
test for read permission |
|
W_OK |
test for write permission |
|
X_OK |
test for execute permission |
|
F_OK |
test for existence of file |
Example
Figure 4.8 shows the use of the access function.
Here is a sample session with this program:
$ ls -l a.out -rwxrwxr-x 1 sar 15945 Nov 30 12:10 a.out $ ./a.out a.out read access OK open for reading OK $ ls -l /etc/shadow -r-------- 1 root 1315 Jul 17 2002 /etc/shadow $ ./a.out /etc/shadow access error for /etc/shadow: Permission denied open error for /etc/shadow: Permission denied $ su become superuser Password: enter superuser password # chown root a.out change file's user ID to root # chmod u+s a.out and turn on set-user-ID bit # ls -l a.out check owner and SUID bit -rwsrwxr-x 1 root 15945 Nov 30 12:10 a.out # exit go back to normal user $ ./a.out /etc/shadow access error for /etc/shadow: Permission denied open for reading OK
In this example, the set-user-ID program can determine that the real user cannot normally read the file, even though the open function will succeed( we can still read data from the opened file, access function is only for testing which doesn't stop you from actual reading).
Figure 4.8. Example of access function
#include "apue.h"
#include <fcntl.h>
int
main(int argc, char *argv[])
{
if (argc != 2)
err_quit("usage: a.out <pathname>");
if (access(argv[1], R_OK) < 0)
err_ret("access error for %s", argv[1]);
else
printf("read access OK\n");
if (open(argv[1], O_RDONLY) < 0)
err_ret("open error for %s", argv[1]);
else
printf("open for reading OK\n");
//if(read(fd, buf, 20) < 0)
// err_sys("read data error");
//else
// printf("\"%s\" read", buf);
exit(0); }