-x implementations

Chuck Karish karish at mindcraft.com
Thu Mar 7 05:42:12 AEST 1991


In article <6124 at segue.segue.com> jim at segue.segue.com (Jim Balter) writes:
>In article <19017 at rpp386.cactus.org> jfh at rpp386.cactus.org
(John F Haugh II) writes:
>>test(1) is the sick on.  Any version of test(1) which relies on
>>access(2) is broken.
>
>1) The fact that access does not provide an option to test the effective uid
>   is brain damage.

access(2) has a very specific purpose.  If test(1) uses access(2) to
determine whether the current process has access to a particular file,
it's misusing access(2).

There is no system interface that simply and reliably provides the
desired information.  The advice of the 1003.1 committee is not to try
to guess whether access would be granted based on the permission bits,
but to actually try the function or utility and see what happens.  This
is somewhat unsatisfactory, but so is guessing, which can't possibly
take into account the effects of extended ('alternate', 'additional')
methods for determining file access (security levels, ACLs, etc.)

It would be helpful if there were a second interface that could be used
to check file access based on the effective UID.  Adding a flag to
access() at this point would not be an acceptable solution; it would
break too much existing code.

	Chuck Karish		karish at mindcraft.com
	Mindcraft, Inc.		(415) 323-9000



More information about the Comp.unix.programmer mailing list