File Access Permissions on Unix

When we open a file, the kernel performs its access tests based on the effective user and group IDs. There are times when a process wants to test accessibility based on the real user and group IDs. This is useful when a process is running as someone else, using either the set-user-ID or the set-group-ID feature. Even though a process might be set-user-ID to root, it could still want to verify that the real user can access a given file. The access function bases its tests on the real user and group IDs.

    #include <fcntl.h>
    #include "apue.h"
    #include "my_err.h"

    int main(int argc, char* argv[])
    {
            if( argc != 2 )
            {
                    err_quit("usage: a.out <pathname>");
            }

            /* access() tests against the REAL user and group IDs */
            if( access( argv[1], R_OK) < 0 )
            {
                    err_ret("access error for %s", argv[1]);
            }
            else
            {
                    printf("read access ok\n");
            }

            /* open() tests against the EFFECTIVE user and group IDs */
            if( open( argv[1], O_RDONLY) < 0 )
            {
                    err_ret("open error for %s", argv[1]);
            }
            else
            {
                    printf("open for reading OK\n");
            }

            exit(0);
    }




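Explanation:

a.out originally has no permission to access /etc/shadow; only the root user has permission for that file. But if we make a.out a file owned by root and then add the S attribute (the set-user-ID bit), then even though an ordinary user is executing root's file, the effective user ID of a.out is still root's ID because the file has the S attribute. Only in this way can a.out access /etc/shadow.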
