Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!rutgers!im4u!woton!riddle
From: riddle@woton.UUCP (Prentiss Riddle )
Newsgroups: comp.unix.questions
Subject: Why does access(2) use real user and group IDs?
Message-ID: <957@woton.UUCP>
Date: Tue, 1-Dec-87 15:08:35 EST
Article-I.D.: woton.957
Posted: Tue Dec  1 15:08:35 1987
Date-Received: Sat, 5-Dec-87 14:05:05 EST
Organization: Shriners Burns Institute, Galveston
Lines: 26
Keywords: System V, access(2), real vs. effective IDs
Ineffective-ID: "Bob"


A colleague of mine was tinkering with a program that runs in setuid
mode when she ran into the following little puzzle:

Why is it that in SVR2.1 (and maybe in other Unixes too) the access(2)
function uses the real user ID and group ID instead of the effective
ones? 

The access(2) call is supposed to determine the accessibility of a
file: that is, given a path name and a "mode" bit pattern, it returns 0
if you have the specified access permissions for the specified file. 
Since your ability to actually read, write or execute a file will
depend on your effective user and group IDs, it seems logical to me
that access(2) should use them as well, but for some reason it uses the
real IDs instead. 

Of course, it wouldn't be hard to use stat(2) to write a substitute
routine called "eaccess()" which do the same thing using the effective
IDs, but that leaves the nagging question: is there a good reason for
access(2) to behave as it does? 

Send short, obvious answers to me and I'll summarize; post long,
wizardly answers directly to the net.  Thanks. 

--- Prentiss Riddle ("Aprendiz de todo, maestro de nada.")
--- Opinions expressed are not necessarily those of Shriners Burns Institute.
--- riddle@woton.UUCP  {ihnp4,harvard}!ut-sally!im4u!woton!riddle