Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!utgpu!water!watmath!clyde!rutgers!umnd-cs!umn-cs!ems!mark From: mark@ems.UUCP Newsgroups: comp.unix.questions Subject: Re: access(2) question Message-ID: <318@ems.UUCP> Date: Fri, 19-Jun-87 17:49:11 EDT Article-I.D.: ems.318 Posted: Fri Jun 19 17:49:11 1987 Date-Received: Sat, 20-Jun-87 10:07:12 EDT References: <530@applix.UUCP> <1341@xanth.UUCP> Reply-To: mark@ems.UUCP (Mark H. Colburn) Organization: EMS/McGraw-Hill, Eden Pairie, MN Lines: 29 Keywords: access permissions In article <1341@xanth.UUCP> john@xanth.UUCP (John Owens) writes: >In article <530@applix.UUCP>, mark@applix.UUCP (Mark Fox) writes: >> Does anybody know why access checks file accessibility using the real [ug]id >> in place of the effective [ug]id? It seems to me that access should agree >> with open(2) as far as whether a program has write or read access to a file. >> Inside a set-uid program that assumption obviously doesn't work while >> uid != euid. > >Well, the reason that access was added was to make it possible for a >set[ug]id program to be able to discern whether or not the real user >running it would have access to a certain file. The problem with this is that some of the standard System V subroutine libraries use the access call to determine the accessability for suid/sgid programs. An example that comes to mine here is a situation that bit me a while back. The tmpnam call apparently uses the access call to determine whether a temporary file can be created. This can lead to problems if you want to direct temporary files to a directory that is local to a suid/guid program that is executed via uux. Given this scenario, the id=uucp, but the euid=demo (in my case). The temporary directory is owned by demo. However when tmpnam attempts to create a file in /demo/tmp it fails, becase the id(uucp) does not have access the /demo/tmp. Anyways this can be gotten around in a number of ways, including (what we did), writing a new version of access that uses the euid to check for access permissions. As somebody suggested, this could be included in a library and named something like eaccess().