Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!rutgers!im4u!woton!riddle
From: riddle@woton.UUCP (Prentiss Riddle )
Newsgroups: comp.unix.questions
Subject: Why does access(2) use real user and group IDs?
Message-ID: <957@woton.UUCP>
Date: Tue, 1-Dec-87 15:08:35 EST
Article-I.D.: woton.957
Posted: Tue Dec 1 15:08:35 1987
Date-Received: Sat, 5-Dec-87 14:05:05 EST
Organization: Shriners Burns Institute, Galveston
Lines: 26
Keywords: System V, access(2), real vs. effective IDs
Ineffective-ID: "Bob"

A colleague of mine was tinkering with a program that runs in setuid
mode when she ran into the following little puzzle:

Why is it that in SVR2.1 (and maybe in other Unixes too) the access(2)
function uses the real user ID and group ID instead of the effective
ones?

The access(2) call is supposed to determine the accessibility of a
file: that is, given a path name and a "mode" bit pattern, it returns 0
if you have the specified access permissions for the specified file.
Since your ability to actually read, write or execute a file will
depend on your effective user and group IDs, it seems logical to me
that access(2) should use them as well, but for some reason it uses the
real IDs instead.

Of course, it wouldn't be hard to use stat(2) to write a substitute
routine called "eaccess()" which does the same thing using the effective
IDs, but that leaves the nagging question: is there a good reason for
access(2) to behave as it does?

Send short, obvious answers to me and I'll summarize; post long,
wizardly answers directly to the net. Thanks.

--- Prentiss Riddle ("Aprendiz de todo, maestro de nada.")
--- Opinions expressed are not necessarily those of Shriners Burns Institute.
--- riddle@woton.UUCP  {ihnp4,harvard}!ut-sally!im4u!woton!riddle
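
The stat(2)-based "eaccess()" routine the post mentions, sketched here as an added example; it is not code from the original post. The names mode_permits and my_eaccess are hypothetical, and only the classic owner/group/other bits are consulted: supplementary groups, ACLs and read-only mounts are ignored.

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: decide from stat(2) data whether (uid, gid) is
 * granted every bit in amode (R_OK, W_OK, X_OK). Passing the IDs in lets
 * the same rule be evaluated for the real or the effective identity. */
int mode_permits(const struct stat *st, uid_t uid, gid_t gid, int amode)
{
    mode_t granted;

    if (uid == 0) {
        /* Superuser: read and write always pass; execute needs at least
         * one x bit unless the file is a directory. */
        if ((amode & X_OK) && !S_ISDIR(st->st_mode) &&
            !(st->st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
            return 0;
        return 1;
    }
    if (uid == st->st_uid)
        granted = (st->st_mode >> 6) & 7;   /* owner class */
    else if (gid == st->st_gid)
        granted = (st->st_mode >> 3) & 7;   /* group class */
    else
        granted = st->st_mode & 7;          /* other class */

    return ((mode_t)amode & granted) == (mode_t)amode;
}

/* Hypothetical my_eaccess(): same contract as access(2), but judged with
 * the effective IDs. Returns 0 if permitted, -1 with errno set otherwise. */
int my_eaccess(const char *path, int amode)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return -1;                          /* errno set by stat(2) */
    if (amode == F_OK)
        return 0;                           /* existence check only */
    if (!mode_permits(&st, geteuid(), getegid(), amode)) {
        errno = EACCES;
        return -1;
    }
    return 0;
}
```

Like access(2), the answer describes the file only at the moment of the stat(2) call; a later open(2) may see a different file or different permissions.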