Unix下文件的访问权限


access Function:

    When we open a file, the kernel performs its access tests based on the effective user and group IDs. There are times when a process wants to test accessibility based on the real user and group IDs. This is useful when a process is running as someone else, using either the set-user-ID or the set-group-ID feature. Even though a process might beset-user-ID to root, it could still want to verify that the read user can access a given file. The access function bases its tests on the real user and group IDs.

  1. #include <fcntl.h>   
  2. #include "apue.h"   
  3. #include "my_err.h"    
  4.   
  5. int main(int argc, char* argv[])  
  6. {  
  7.         if( argc != 2 )  
  8.         {  
  9.                 err_quit("usage: a .out <pathname>");  
  10.         }  
  11.   
  12.         if( access( argv[1], R_OK) < 0 )  
  13.         {  
  14.                 err_ret("access error for %s", argv[1]);  
  15.         }  
  16.         else  
  17.         {  
  18.                 printf("read access ok\n");  
  19.         }  
  20.   
  21.         if( open( argv[1], O_RDONLY) < 0 )  
  22.         {  
  23.                 err_ret("open error for %s", argv[1]);  
  24.         }  
  25.         else  
  26.         {  
  27.                 printf("open for reading OK\n");  
  28.         }  
  29.   
  30.         exit(0);  
  31. }  



说明:         a.out本来没有权限访问/etc/shadow文件,该文件只有root用户才有权限,但是我们把a.out改成root的文件,再增加S属性,虽然用的是普通的用户去执行root用户的文件,由于a.out 文件有S属性,所以,它的有效用户id还是root的id,也只有这样,a.out 才能访问/etc/shadow文件。

相关内容