access Function:
When we open a file, the kernel performs its access tests based on the effective user and group IDs. There are times when a process wants to test accessibility based on the real user and group IDs. This is useful when a process is running as someone else, using either the set-user-ID or the set-group-ID feature. Even though a process might beset-user-ID to root, it could still want to verify that the read user can access a given file. The access function bases its tests on the real user and group IDs.
- #include <fcntl.h>
- #include "apue.h"
- #include "my_err.h"
-
- int main(int argc, char* argv[])
- {
- if( argc != 2 )
- {
- err_quit("usage: a .out <pathname>");
- }
-
- if( access( argv[1], R_OK) < 0 )
- {
- err_ret("access error for %s", argv[1]);
- }
- else
- {
- printf("read access ok\n");
- }
-
- if( open( argv[1], O_RDONLY) < 0 )
- {
- err_ret("open error for %s", argv[1]);
- }
- else
- {
- printf("open for reading OK\n");
- }
-
- exit(0);
- }
說明:
a.out本來沒有權限訪問/etc/shadow文件,該文件只有root用戶才有權限,但是我們把a.out改成root的文件,再增加S屬性,雖然用的是普通的用戶去執行root用戶的文件,由於a.out 文件有S屬性,所以,它的有效用戶id還是root的id,也只有這樣,a.out 才能訪問/etc/shadow文件。
