From: Ondrej Palkovsky <ondrap@penguin.cz>
To: Matthew Wilcox <matthew@wil.cx>
Cc: linux-fsdevel@vger.kernel.org
Subject: Re: setfsuid() and access() syscall
Date: Wed, 05 Aug 2009 09:57:39 +0200
Message-ID: <4A793B73.3070709@penguin.cz>
In-Reply-To: <20090804212912.GK3711@parisc-linux.org>

Matthew Wilcox wrote:
> Why does this fileserver want to use access()? Why not just open the
> file and report the error if one happens?

Suppose you want to filter a directory and show only the files that the
user can access - yes, this can be solved by opening the file/directory,
however this seems to me overkill.

I have recently been implementing an HTTP file server and I wanted to
show slightly different screens if the user has or does not have write
access - based on ACL. There is no easy way to do it in a multithreaded
application - the access() function does not work. There is an
euidaccess()/eaccess() libc function, which is not currently a syscall -
it is probably supposed to do the ACL checks in userspace and it doesn't
currently support ACLs anyway (NotYetImplemented). But doing ACL checks
in userspace is IMO the wrong way to go - the ACL models differ.
(I have since switched to a fork()ed model, but this option might not
always be available).

And if I understand it correctly, POSIX says that there is a problem
- and it won't be solved.... :(

2. The superuser has complete access to all files on a system. As a
consequence, programs started by the superuser and switched to the
effective user ID with lesser privileges cannot use /access/() to test
their file access permissions.

It was also argued that problem (2) is more easily solved by using
/open/() <http://www.opengroup.org/onlinepubs/000095399/functions/open.html>,
/chdir/() <http://www.opengroup.org/onlinepubs/000095399/functions/chdir.html>, or
one of the /exec/ <http://www.opengroup.org/onlinepubs/000095399/functions/exec.html>
functions as appropriate and responding to the error, rather than
creating a new function that would not be as reliable. Therefore,
/eaccess/() is not included in this volume of IEEE Std 1003.1-2001.

Ondrej
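
The open-and-respond-to-the-error approach from the POSIX rationale quoted above, as an added example that is not part of the original message: on Linux, open() is checked in the kernel against the calling thread's filesystem credentials (fsuid/fsgid) and the file's ACL, unlike access(). The names probe_open and access_level are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

enum { ACC_NONE = 0, ACC_READ = 1, ACC_WRITE = 2 };

/* Hypothetical helper: 0 if this thread may open `path` with `accmode`
 * (O_RDONLY or O_WRONLY), else -errno. The kernel does the check with the
 * thread's current fsuid/fsgid and the file's ACL, so no permission model
 * is re-implemented in userspace. */
int probe_open(const char *path, int accmode)
{
    /* No O_CREAT/O_TRUNC: the probe must not modify anything.
     * O_NONBLOCK: do not hang on FIFOs; O_NOCTTY: never acquire a tty. */
    int fd = open(path, accmode | O_NONBLOCK | O_NOCTTY | O_CLOEXEC);
    if (fd < 0)
        return -errno;
    close(fd);
    return 0;
}

/* Hypothetical helper: bitmask of ACC_READ/ACC_WRITE, or -errno when the
 * failure is not a plain permission denial (e.g. -ENOENT). */
int access_level(const char *path)
{
    int level = ACC_NONE;
    int r = probe_open(path, O_RDONLY);
    if (r == 0)
        level |= ACC_READ;
    else if (r != -EACCES)
        return r;
    int w = probe_open(path, O_WRONLY);
    if (w == 0)
        level |= ACC_WRITE;
    else if (w != -EACCES && w != -EISDIR && w != -EROFS)
        return w;   /* unexpected: report instead of guessing */
    return level;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s: %d\n", argv[i], access_level(argv[i]));
    return 0;
}
```

The result is only a hint for what to display: permissions can change between the probe and the real operation, so the later open() or write must still handle its own error.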