Advanced Programming in the UNIX Environment: Second Edition [Electronic resources]

W. Richard Stevens; Stephen A. Rago

نسخه متنی -صفحه : 369/ 71
نمايش فراداده

4.7. access Function

As we described earlier, when we open a file, the kernel performs its access tests based on the effective user and group IDs. There are times when a process wants to test accessibility based on the real user and group IDs. This is useful when a process is running as someone else, using either the set-user-ID or the set-group-ID feature. Even though a process might be set-user-ID to root, it could still want to verify that the real user can access a given file. The access function bases its tests on the real user and group IDs. (Replace

effective with

real in the four steps at the end of Section 4.5.)

#include <unistd.h> int access(const char *

pathname , int

mode );

Returns: 0 if OK, 1 on error

The

mode is the bitwise OR of any of the constants shown in Figure 4.7.

Figure 4.7. The

mode constants for access function, from <unistd.h>

mode

Description

R_OK

test for read permission

W_OK

test for write permission

X_OK

test for execute permission

F_OK

test for existence of file

Example

Figure 4.8 shows the use of the access function.

Here is a sample session with this program:

$

ls -l a.out -rwxrwxr-x 1 sar 15945 Nov 30 12:10 a.out $

./a.out a.out read access OK open for reading OK $

ls -l /etc/shadow -r-------- 1 root 1315 Jul 17 2002 /etc/shadow $

./a.out /etc/shadow access error for /etc/shadow: Permission denied open error for /etc/shadow: Permission denied $

su

become superuser Password:

enter superuser password #

chown root a.out

change file's user ID to root #

chmod u+s a.out

and turn on set-user-ID bit #

ls -l a.out

check owner and SUID bit -rwsrwxr-x 1 root 15945 Nov 30 12:10 a.out #

exit

go back to normal user $

./a.out /etc/shadow access error for /etc/shadow: Permission denied open for reading OK

In this example, the set-user-ID program can determine that the real user cannot normally read the file, even though the open function will succeed.

Figure 4.8. Example of access function
#include "apue.h" #include <fcntl.h> int main(int argc, char *argv[]) { if (argc != 2) err_quit("usage: a.out <pathname>"); if (access(argv[1], R_OK) < 0) err_ret("access error for %s", argv[1]); else printf("read access OK\n"); if (open(argv[1], O_RDONLY) < 0) err_ret("open error for %s", argv[1]); else printf("open for reading OK\n"); exit(0); }

In the preceding example and in Chapter 8, we'll sometimes switch to become the superuser, to demonstrate how something works. If you're on a multiuser system and do not have superuser permission, you won't be able to duplicate these examples completely.