[braindamaged?] use of access(2) -- long note

Stephen J. Friedl friedl at vsi.UUCP
Wed Mar 2 21:43:17 AEST 1988


In article <1056 at stratus.UUCP>, strick at stratus.UUCP (henry strickland) writes:
> In article <59 at vsi.UUCP> friedl at vsi.UUCP (Stephen J. Friedl) writes:
> >[....]
> >      Access(2) should almost never be used.  It does what
> >stat(2) does except it uses the REAL userid and not the EFFECTIVE
> >userid like every other system call uses.  It is designed for use
> >by setuid/setgid programs to verify the permissions of the
> >"underlying" user.
> 
> I also feel that access() should almost never be used, but for
> quite different reasons.
> 
> First (and I think you realized it) you're not using access()
> for what it was intended.  
>
> [lots more comments deleted]

     I guess I gave an unclear posting.  *I* know how access(2)
works and how to do the permissions checking in the right way.  A
version of access (I call it accfile) does the same kind of check-
ing but with the "proper" uid/gid.

     My lament is that *other* software (/bin/sh, test(1), temp-
nam(3), the Informix sacego report processor, etc.) does it wrong
and it keeps me from doing it right.  For example, the shell's
$PATH search mechanism means that I have to keep the project bin/
directory open to everybody because the shell won't find my com-
mands otherwise.

     I have just found out that mkdir(1) on System V doesn't work
right either.  It runs setuid root (only root may mknod a direc-
tory) and it uses access to find out if the underlying user has
permission to do this.  I guess they miss the case where the ef-
fective group has permission but the real+effective user and real
group do not.  Yet another case of the kernel doing what I tell
it rather than what I want.

     Wouldn't it make sense to (A) provide a "accfile()"
syscall/routine that does access(2) with real ids and (B) put a
note on the access manual page saying "you probably don't want to
use this function." Perhaps provide a version of access that is
passed the user/group ids to be checking against?  Then it could
fit all the needs.

     Steve
-- 
Life : Stephen J. Friedl @ V-Systems, Inc./Santa Ana, CA   *Hi Mom*
CSNet: friedl%vsi.uucp at kent.edu  ARPA: friedl%vsi.uucp at uunet.uu.net
uucp : {kentvax, uunet, attmail, ihnp4!amdcad!uport}!vsi!friedl



More information about the Comp.unix.questions mailing list