zoukankan      html  css  js  c++  java
  • access Function(4.7)

     

    As we described earlier, when we open a file, the kernel performs its access tests based on the effective user and group IDs. There are times when a process wants to test accessibility based on the real user and group IDs. This is useful when a process is running as someone else, using either the set-user-ID or the set-group-ID feature. Even though a process might be set-user-ID to root, it could still want to verify that the real user can access a given file. The access function bases its tests on the real user and group IDs. (Replace effective with real in the four steps at the end of Section 4.5.)

     #include <unistd.h>

      int access(const char *pathname, int mode); 

    Returns: 0 if OK, 1 on error

    The mode is the bitwise OR of any of the constants shown in Figure 4.7.

                            Figure 4.7. The mode constants for access function, from <unistd.h>

    mode

    Description

    R_OK

    test for read permission

    W_OK

    test for write permission

    X_OK

    test for execute permission

    F_OK

    test for existence of file

    Example

    Figure 4.8 shows the use of the access function.

    Here is a sample session with this program:

             $ ls -l a.out
             -rwxrwxr-x 1 sar         15945 Nov 30 12:10 a.out
             $ ./a.out a.out
             read access OK
             open for reading OK
             $ ls -l /etc/shadow
             -r-------- 1 root         1315 Jul 17 2002 /etc/shadow
             $ ./a.out /etc/shadow
             access error for /etc/shadow: Permission denied
             open error for /etc/shadow: Permission denied
             $ su                        become superuser
             Password:                  enter superuser password
             # chown root a.out         change file's user ID to root
             # chmod u+s a.out          and turn on set-user-ID bit
             # ls -l a.out              check owner and SUID bit
             -rwsrwxr-x 1 root     15945 Nov 30 12:10 a.out
             # exit                     go back to normal user
             $ ./a.out /etc/shadow
             access error for /etc/shadow: Permission denied
             open for reading OK
    

    In this example, the set-user-ID program can determine that the real user cannot normally read the file, even though the open function will succeed( we can still read data from the opened file, access function is only for testing which doesn't stop you from actual reading).

    Figure 4.8. Example of access function
    #include "apue.h"
    #include <fcntl.h>
    
    int
    main(int argc, char *argv[])
    {
        if (argc != 2)
            err_quit("usage: a.out <pathname>");
        if (access(argv[1], R_OK) < 0)
            err_ret("access error for %s", argv[1]);
        else
            printf("read access OK\n");
        if (open(argv[1], O_RDONLY) < 0)
            err_ret("open error for %s", argv[1]);
        else
            printf("open for reading OK\n");

       //if(read(fd, buf, 20) < 0)
            //  err_sys("read data error");
         //else
            //  printf("\"%s\" read", buf);

        exit(0);
    }


    作者:beanmoon
    出处:http://www.cnblogs.com/beanmoon/
    本文版权归作者和博客园共有,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出原文连接。
    该文章也同时发布在我的独立博客中-豆月博客

  • 相关阅读:
    汇编10:CALL和RET指令
    汇编09:转移指令的原理
    汇编08:数据处理的两个基本问题
    汇编07:定位内存地址的方法
    汇编06:包含多个段的程序
    汇编05:[BX]和loop指令
    汇编04:第一个汇编程序
    汇编03:寄存器
    C#版的mongodb最新的官方驱动2.4.0版本
    如何教你看懂复杂的正则表达式
  • 原文地址:https://www.cnblogs.com/beanmoon/p/2714304.html
Copyright © 2011-2022 走看看