Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!seismo!husc6!cmcl2!beta!hc!ames!xanth!john From: john@xanth.UUCP (John Owens) Newsgroups: comp.unix.questions Subject: Re: access(2) question Message-ID: <1467@xanth.UUCP> Date: Wed, 1-Jul-87 10:15:26 EDT Article-I.D.: xanth.1467 Posted: Wed Jul 1 10:15:26 1987 Date-Received: Fri, 3-Jul-87 01:49:41 EDT References: <530@applix.UUCP> <1341@xanth.UUCP> <1027@killer.UUCP> Organization: Old Dominion University, Norfolk Va. Lines: 42 Keywords: access permissions In article <1027@killer.UUCP>, jfh@killer.UUCP (John Haugh) writes: > Access() lets the user specify the type of access they plan on requesting, > and then says wether the user himself would be allowed, regardles of setuid > of setgid privileges. Isn't that what I said? > Yes, there is. You only need use getuid(), geteuid(), stat() in order > to find out if you can access a file. You only need look at st_mode to > determine if the file is accessible. Should be fairly simple to write, > just three if-then-else's aught to do it. Sorry, but if directories followed to get to the file were accessible by the effective [ug]ids, but not the real ids, this could show accessibility when access() correctly would not. Also, this method won't show denied write access on a read-only filesystem. (It also wouldn't take in account groupmasters if you're on a version of UNIX that used them? Did anyone ever use this besides 2.9BSD - they were kind of neat, but not useful enough for us to put into 4.[23]BSD.) It's your Summary: line, saying that you can't open for execute, that gives the lie to my suggestion. If you really need to check for execute access, but don't want to execute the program, you'll need to fork and have the child setgid(getegid()), setuid(geteuid()) and do an access. [If your version of UNIX lets to set[ug]id back to their original values regardless of the effective uid, you can avoid the fork. I don't know if I'm remembering that feature correctly or not.] I don't disagree that an eaccess() would be useful, I just think that it's not necessary. Certainly the fork is extremely inconvenient, but how many times do you want to know whether or not you have execute access to a file without trying to execute it? The shells need to know this, but only for files that fail exec with ENOEXEC and that are readable anyway; therefore, they can use access on read, followed by stat. Corrections and contradictions welcome. [But not self-contradictions :-) ] -- John Owens Old Dominion University - Norfolk, Virginia, USA john@ODU.EDU old arpa: john%odu.edu@RELAY.CS.NET +1 804 440 4529 old uucp: {seismo,harvard,sun,hoptoad}!xanth!john