Path: utzoo!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!ames!mailrus!uwmcsd1!uxc!tank!nucsrl!gore
From: gore@eecs.nwu.edu (Jacob Gore)
Newsgroups: comp.unix.wizards
Subject: access(2) in set-GID programs
Message-ID: <11410010@eecs.nwu.edu>
Date: 15 Sep 88 05:28:20 GMT
Organization: Northwestern U, Evanston IL, USA
Lines: 32

Suppose you have this situation:
----------------------------------------------------
	drwxrwxr-x usera groupa /tmp/jjj
	-rwxr-sr-x usera groupa a.out (provided below)

I am now userb/groupb.  userb in NOT listed in /etc/group entry for groupa.
	
a.out is:

main(){
    if (access("/tmp/jjj", 2) < 0) perror("directory");
}
----------------------------------------------------

Now, what I want to happen is for 'access' to fail -- in my application,
since the directory is not writable by userb/groupb, userb/groupb user
should not be able to use such a setgid program to create files in it.

But when I run this on 4.3BSD, 'access' succeeds.  The manual entry for
access(2) says:

     The real user ID and the group access list (including the
     real group ID) are used in verifying permission, so this
     call is useful to set-UID programs.

But what about set-Gid programs?  Is the effective gid automatically in the
group access list?

If so, what can I do to let such a setgid program check whether
userb/groupb is actually allowed to create files in a directory?

Jacob Gore				Gore@EECS.NWU.Edu
Northwestern Univ., EECS Dept.		{oddjob,gargoyle,att}!nucsrl!gore