access Function(4.7)

 

As we described earlier, when we open a file, the kernel performs its access tests based on the effective user and group IDs. There are times when a process wants to test accessibility based on the real user and group IDs. This is useful when a process is running as someone else, using either the set-user-ID or the set-group-ID feature. Even though a process might be set-user-ID to root, it could still want to verify that the real user can access a given file. The access function bases its tests on the real user and group IDs. (Replace effective with real in the four steps at the end of Section 4.5.)

 #include <unistd.h>

　　int access(const char *pathname, int mode); 

Returns: 0 if OK, 1 on error

The mode is the bitwise OR of any of the constants shown in Figure 4.7.

　　　　　　　　　　　　　　　　　　　　　　　　Figure 4.7. The mode constants for access function, from <unistd.h>

mode	Description
R_OK	test for read permission
W_OK	test for write permission
X_OK	test for execute permission
F_OK	test for existence of file

Example

Figure 4.8 shows the use of the access function.

Here is a sample session with this program:

         $ ls -l a.out
         -rwxrwxr-x 1 sar         15945 Nov 30 12:10 a.out
         $ ./a.out a.out
         read access OK
         open for reading OK
         $ ls -l /etc/shadow
         -r-------- 1 root         1315 Jul 17 2002 /etc/shadow
         $ ./a.out /etc/shadow
         access error for /etc/shadow: Permission denied
         open error for /etc/shadow: Permission denied
         $ su                        become superuser
         Password:                  enter superuser password
         # chown root a.out         change file's user ID to root
         # chmod u+s a.out          and turn on set-user-ID bit
         # ls -l a.out              check owner and SUID bit
         -rwsrwxr-x 1 root     15945 Nov 30 12:10 a.out
         # exit                     go back to normal user
         $ ./a.out /etc/shadow
         access error for /etc/shadow: Permission denied
         open for reading OK

In this example, the set-user-ID program can determine that the real user cannot normally read the file, even though the open function will succeed( we can still read data from the opened file, access function is only for testing which doesn't stop you from actual reading).

Figure 4.8. Example of access function

#include "apue.h"
#include <fcntl.h>

int
main(int argc, char *argv[])
{
    if (argc != 2)
        err_quit("usage: a.out <pathname>");
    if (access(argv[1], R_OK) < 0)
        err_ret("access error for %s", argv[1]);
    else
        printf("read access OK\n");
    if (open(argv[1], O_RDONLY) < 0)
        err_ret("open error for %s", argv[1]);
    else
        printf("open for reading OK\n");

　　　//if(read(fd, buf, 20) < 0)
        //　　err_sys("read data error");
　　   //else
        //　　printf("\"%s\" read", buf);

    exit(0);
}