Package: manpages-dev
Version: 2.40-1
Tags: patch

On Wed, Jul 05, 2006 at 02:17:15PM +0200, Michael Kerrisk wrote:
> > > Unbalanced paren fixed for 2.35. Not sure what your problem is with
> > > "return" though; please explain.
> > It changes the [ug]id, doesn't return anything except -1 or 0.
>
> Doh! Yes -- thanks. Fixed in 2.35 as below.

Another one:

faccessat - change permissions of a file relative to a directory file descriptor
|AT_EACCESS
|Perform access checks using the effective user and group IDs.
|By default, faccessat() uses the effective IDs (like access(2)).

|access(2):
|The check is done with the process’s real UID and GID, rather than with
|the effective IDs as is done when actually attempting an operation.
|This is to allow set-user-ID programs to easily determine the invoking
|user’s authority.

It is my understanding that access(2) is correct, and accessat is wrong (about access, and about itself).

These also all require _ATFILE_SOURCE, and faccessat requires fcntl for the enum/define foo.

Also give the return value meaning.

BTW. What is the proposed "eaccess" page?

Tested with glibc 2.5.

$ make CFLAGS='-Wextra -Wall -O0 -g' uid
cc -Wextra -Wall -O0 -g uid.c -o uid
$ sudo ls -la /tmp/root
total 8
drwx------ 2 root root 4096 Feb 16 14:47 .
drwxrwxrwt 13 root root 4096 Feb 16 15:05 ..
-rw-r--r-- 1 root root 0 Feb 16 14:47 foo
$ ./uid
getuid: 1000
geteuid: 1000
getfsuid: 1000
access: -1
faccessat: -1 -1
$ sudo ./uid
getuid: 0
geteuid: 0
getfsuid: 0
access: 0
faccessat: 0 0
$ sudo sh -c 'chown root ./uid; chmod u+s ./uid'
$ ./uid
getuid: 1000
geteuid: 0
getfsuid: 0
access: -1
faccessat: -1 0

--- - 2007-02-16 15:34:04.085283363 -0500 +++ /tmp/faccessat.2 2007-02-16 15:34:01.000000000 -0500 @@ -1,6 +1,7 @@ .\" Hey Emacs! This file is -*- nroff -*- source. .\" .\" This manpage is Copyright (C) 2006, Michael Kerrisk +.\" Fixes copyright (C) 2007 Justin Pryzby .\" .\" Permission is granted to make and distribute verbatim copies of this .\" manual provided the copyright notice and this permission notice are 
@@ -23,12 +24,14 @@ .\" the source, must acknowledge the copyright and authors of this work. .\" .\" -.TH FACCESSAT 2 2006-05-05 "Linux 2.6.16" "Linux Programmer's Manual" +.TH FACCESSAT 2 2007-02-16 "Linux 2.6.16" "Linux Programmer's Manual" .SH NAME -faccessat \- change permissions of a file relative to a directory \ +faccessat \- check user's permissions for a file relative to a directory \ file descriptor .SH SYNOPSIS .nf +.B #define _ATFILE_SOURCE +.B #include <fcntl.h> .B #include <unistd.h> .sp .BI "int faccessat(int " dirfd ", const char *" pathname ", int " \ @@ -76,7 +79,7 @@ Perform access checks using the effective user and group IDs. By default, .BR faccessat () -uses the effective IDs (like +uses the real IDs (like .BR access (2)). .TP .B AT_SYMLINK_NOFOLLOW @@ -85,7 +88,7 @@ is a symbolic link, do not dereference it: instead return information about the link itself. .SH "RETURN VALUE" -On success, +On success (all requested permissions granted), .BR faccessat () returns 0. On error, \-1 is returned and
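Review bot: in the SYNOPSIS hunk, the two added lines do not say what each is for, so a reader cannot tell which one is the feature test macro and which header supplies the flag constants. A short comment beside "#include <fcntl.h>" saying it provides the AT_* constants, plus a note that _ATFILE_SOURCE has to be defined before any header is included, would cover it.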
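Review bot: in the AT_EACCESS hunk, the new "uses the real IDs" is less specific than the sentence before it, which says "effective user and group IDs"; "uses the real user and group IDs" would keep the two sentences parallel. The direction of the fix agrees with the set-user-ID run in the report, where flags 0 returns -1 and AT_EACCESS returns 0.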
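Review bot: in the RETURN VALUE hunk, only the success case gets the added meaning; the following "On error, \-1 is returned" sentence still does not say that -1 is also what the caller gets when a requested permission is denied, which is the case the test runs in the report show. Suggest giving the failure side the same treatment, for example "On error (at least one requested permission was denied, or some other error occurred)".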
#define _ATFILE_SOURCE
#include <unistd.h>
#include <fcntl.h>
#include <sys/fsuid.h>
#include <stdlib.h>
#include <stdio.h>

// set{,{e,re,res}}uid
//
// fs[ug]id is just for NFS, and mirrors E[UG]ID; it is only changed by an
// explicit call to setfs[ug]id
// e[ug]id is for S[UG]ID executables

int main(void)
{
	printf("getuid: %d\n", getuid());
	printf("geteuid: %d\n", geteuid());
	// setfsuid() returns the previous fsuid; passing the euid leaves it as is
	printf("getfsuid: %d\n", setfsuid(geteuid()));

	printf("access: %d\n", access("/tmp/root/foo", R_OK));
	// first value: flags 0 (default); second value: AT_EACCESS
	printf("faccessat: %d %d\n",
		faccessat(AT_FDCWD, "/tmp/root/foo", R_OK, 0),
		faccessat(AT_FDCWD, "/tmp/root/foo", R_OK, AT_EACCESS));

	exit(EXIT_SUCCESS);
}