Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!linus!vaxine!wjh12!genrad!mit-eddie!mit-vax!eagle!mhuxi!houxm!ihnp4!ixn5c!inuxc!pur-ee!uiucdcs!uiucuxc!edwards
From: edwards@uiucuxc.UUCP
Newsgroups: net.bugs
Subject: Usefulness of access(2) - (nf)
Message-ID: <2916@uiucdcs.UUCP>
Date: Wed, 21-Sep-83 23:36:20 EDT
Article-I.D.: uiucdcs.2916
Posted: Wed Sep 21 23:36:20 1983
Date-Received: Fri, 23-Sep-83 23:59:53 EDT
Lines: 22

#N:uiucuxc:10900002:000:835
uiucuxc!edwards    Sep  2 12:56:00 1983

	I would really like to comment on the function access(2).  The
  manual states that the real user/group id's are used with respect to
  which permissions are checked for access to the files/paths.  And that
  this is useful to set-UID programs.

	Well, it really depends on what you're checking.  If your
  set-UID program wants to do things to privileged areas, then access(2)
  is NOT useful for set-UID programs.
  
  For example: If your set-UID program wants to see if a directory
    exists in a privileged area (access to set-UIDed program/user only,)
    then you can't use access(2) because the real [ug]id of the process
    wouldn't have access anyway.

  Suggestion: eaccess(2) or equivalent to check for effective id's.

			Alan Edwards
			University of Illinois @ Urbana-Champaign
			(...pur-ee!uiucdcs!uiucuxc!edwards)