When we open a file, the kernel performs its access tests based on the effective user and group IDs. There are times when a process wants to test accessibility based on the real user and group IDs. This is useful when a process is running as someone else, using either the set-user-ID or the set-group-ID feature. Even though a process might beset-user-ID to root, it could still want to verify that the read user can access a given file. The access function bases its tests on the real user and group IDs.
#include <fcntl.h> #include "apue.h" #include "my_err.h" int main(int argc, char* argv[]) { if( argc != 2 ) { err_quit("usage: a .out <pathname>"); } if( access( argv[1], R_OK) < 0 ) { err_ret("access error for %s", argv[1]); } else { printf("read access ok\n"); } if( open( argv[1], O_RDONLY) < 0 ) { err_ret("open error for %s", argv[1]); } else { printf("open for reading OK\n"); } exit(0); }
说明:
a.out本来没有权限访问/etc/shadow文件,该文件只有root用户才有权限,但是我们把a.out改成root的文件,再增加S属性,虽然用的是普通的用户去执行root用户的文件,由于a.out 文件有S属性,所以,它的有效用户id还是root的id,也只有这样,a.out 才能访问/etc/shadow文件。