diff options
author | Robert Watson <rwatson@FreeBSD.org> | 2001-09-21 21:35:22 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2001-09-21 21:35:22 +0000 |
commit | bd10d2560f41537042465ba7940b86e19168f3f4 (patch) | |
tree | 9eaf10d52d1a8f88291d5d94ec0bceed8d3fdc18 /lib/libc/sys/access.2 | |
parent | a90a3f288212baae1c6a8a95fd9a3be13d1fe89d (diff) | |
download | src-bd10d2560f41537042465ba7940b86e19168f3f4.tar.gz src-bd10d2560f41537042465ba7940b86e19168f3f4.zip |
o Modify access(2) man page to describe eaccess(2), and add a symlink
so man eaccess will return the access(2) man page.
Obtained from: TrustedBSD Project
Notes
Notes:
svn path=/head/; revision=83797
Diffstat (limited to 'lib/libc/sys/access.2')
-rw-r--r-- | lib/libc/sys/access.2 | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/lib/libc/sys/access.2 b/lib/libc/sys/access.2 index 5646b0d11f84..23cc3c08a877 100644 --- a/lib/libc/sys/access.2 +++ b/lib/libc/sys/access.2 @@ -44,10 +44,14 @@ .Fd #include <unistd.h> .Ft int .Fn access "const char *path" "int mode" +.Ft int +.Fn eaccess "const char *path" "int mode" .Sh DESCRIPTION The .Fn access -function checks the accessibility of the +and +.Fn eaccess +functions check the accessibility of the file named by .Fa path for the access permissions indicated by @@ -69,12 +73,17 @@ For additional information, see the section of .Xr intro 2 . .Pp -The real user ID is used in place of the effective user ID +.Fn eaccess +uses the effective user ID, group ID, and additional groups to authorize +the request. +.Fn access +uses +the real user ID in place of the effective user ID and the real group access list (including the real group ID) are used in place of the effective ID for verifying permission. .Pp -Even if a process's real user has appropriate privileges +Even if a process's real or effective user has appropriate privileges and indicates success for .Dv X_OK , the file may not actually have execute permission bits set. @@ -126,8 +135,14 @@ function call is expected to conform to .St -p1003.1-90 . .Sh CAVEAT .Fn Access -is a potential security hole and +is a potential security hole due to race conditions and should never be used. +Setuid and setgid applications should restore the effective uid or gid +and perform actions directly rather than use +.Fn access +to simulate access checks for the real user of group id. +.Fn Eaccess +likewise may be subject to races if used inappropriately. .Sh HISTORY An .Fn access |