Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!linus!philabs!cmcl2!floyd!vax135!ariel!houti!hogpc!houxm!ihnp4!ixn5c!inuxc!pur-ee!uiucdcs!uiucuxc!edwards
From: edwards@uiucuxc.UUCP
Newsgroups: net.unix-wizards
Subject: ACCESS(2) sometimes NOT useful - (nf)
Message-ID: <2951@uiucdcs.UUCP>
Date: Thu, 22-Sep-83 23:45:03 EDT
Article-I.D.: uiucdcs.2951
Posted: Thu Sep 22 23:45:03 1983
Date-Received: Mon, 26-Sep-83 20:44:33 EDT
Lines: 22

#N:uiucuxc:5500067:000:849
uiucuxc!edwards    Sep  6 22:00:00 1983

	The 4.1bsd manual states that access(2) uses a program's real
  id's to determine access permissions on files/paths, and that this
  is useful to set-UID programs.
	Well, It really depends on what you're checking.  If a set-UID
  program wants to do things to privileged areas, then access(2) is NOT
  useful to those set-UID programs.

  For example:	If your set-UID program wants to see if a directory
		exists in a privileged area "access to a set-UIDed
		program or user only," then you can't use access(2)
		because the real [ug]id of the process wouldn't have
		access anyway (the purpose for making it Set-UID.)

  Suggestion:	eaccess(2) or equivalent to check for effective id's.
		What do you think about it?  Nasty comments >> /dev/null

			Alan Edwards
			University of Illinois @ Urbana-Champaign
			(...pur-ee!uiucdcs!uiucuxc!edwards)