guile-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

doc access?


From: Kevin Ryde
Subject: doc access?
Date: Mon, 08 Sep 2003 08:49:12 +1000
User-agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.3 (gnu/linux)

        * posix.texi (File System): In access?, reword a bit, clarify real
        versus effective ID handling, add an example of that, and recommend
        against access tests in library functions.


 - Scheme Procedure: access? path how
 - C Function: scm_access (path, how)
     Test accessibility of a file under the real UID and GID of the
     calling process.  The return is `#t' if PATH exists and the
     permissions requested by HOW are all allowed, or `#f' if not.

     HOW is an integer which can be one of the following or a
     bitwise-OR (`logior') of more than one.

      - Variable: R_OK
          Test for read permission.

      - Variable: W_OK
          Test for write permission.

      - Variable: X_OK
          Test for execute permission.

      - Variable: F_OK
          Test for existence of the file.  This is implied by each of
          the other tests, so there's no need to combine it with them.

     The way the calling process's real ID is used by `access?' means
     that a set-UID or set-GID program will test the invoking user's
     permissions, rather than anything extra the effective ID might make
     possible.

     Consider a database import program which is set-UID so it can
     write to a shared database.  When copying from a file to the
     database the set-UID might make it possible to read files the
     invoking user cannot normally read.  `access?' can be called to
     guard against that.

     In normal circumstances of course the real and effective IDs are
     the same, so `access?' simply indicates what the process will be
     able to do.

     Most library functions are best off not testing with `access?',
     but instead simply attempting their operations.  This ensures they
     can utilize extra permissions obtained from an effective ID.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]