Usefulness of access(2) - (nf)
Mark Brukhartz
mark at laidbak.UUCP
Mon Sep 26 16:10:59 AEST 1983
In response to spanky!ka, regarding a proposed replacement for access(2):
I see little need for a function to check for access permission on a
file by the effective user/group id. Simply doing a stat(2) on the
file will achieve the same result.
An eaccess(2) has been proposed to check access by effective user- and group-
ids. Rather than adding another single-purpose system call, I'd rather replace
access(2) with a more general case. There would, of course, be a compatibility
function in libc. Note that stat(2) doesn't check parent directory permissions.
The problems with the proposed pathaccess system call are twofold.
First, it would require a lot more work to implement than access.
Access simply resets the effective id's temporarily and calls nami
to check the permissions; the proposed new call would have to do its
own path search.
I didn't say that it would be easy [:-)].
The second problem has to do with security. Access will perform a
directory search even if the effective user id doesn't have execute
permission on a directory. In the case of the more general call, care
would have to be taken to ensure that such searches didn't create a
security hole.
Now things become messier. Directory access would have to be restricted by
the effective user- and group-ids of the invoker. This would break access()
when a component directory can by "executed" by the real user- and group-ids,
but not the effective ones. Perhaps this would all be easier with stacked
user- and group-ids, but that "improvement" has been argued already. Oh, well...
Mark Brukhartz
..!{allegra,ihnp4,ittral,trsvax}!laidbak!mark
More information about the Comp.unix.wizards
mailing list