From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ondrej Palkovsky
Subject: Re: setfsuid() and access() syscall
Date: Wed, 05 Aug 2009 09:57:39 +0200
Message-ID: <4A793B73.3070709@penguin.cz>
References: <4A78A047.8040800@penguin.cz> <20090804212912.GK3711@parisc-linux.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: linux-fsdevel@vger.kernel.org
To: Matthew Wilcox
Return-path:
Received: from ns.penguin.cz ([84.21.108.25]:37263 "EHLO ns.penguin.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933414AbZHEH5m (ORCPT ); Wed, 5 Aug 2009 03:57:42 -0400
In-Reply-To: <20090804212912.GK3711@parisc-linux.org>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID:

Matthew Wilcox wrote:
> Why does this fileserver want to use access()? Why not just open the
> file and report the error if one happens?

Suppose you want to filter a directory and show only the files that the user can access - yes, this can be solved by opening the file/directory, however this seems to me overkill.

I have recently been implementing an HTTP file server and I wanted to show slightly different screens if the user has or does not have write access - based on ACL. There is no easy way to do it in a multithreaded application - the access() function does not work. There is a euidaccess()/eaccess() libc function, which is not currently a syscall - it is probably supposed to do the ACL checks in userspace and it doesn't currently support ACLs anyway (NotYetImplemented). But doing ACL checks in userspace is IMO the wrong way to go - the ACL models differ. (I have since switched to a fork()ed model, but this option might not always be available.)

And if I understand it correctly, POSIX says that there is a problem - and it won't be solved.... :(

    2. The superuser has complete access to all files on a system.
    As a consequence, programs started by the superuser and switched to
    the effective user ID with lesser privileges cannot use access() to
    test their file access permissions.

    It was also argued that problem (2) is more easily solved by using
    open(), chdir(), or one of the exec functions as appropriate and
    responding to the error, rather than creating a new function that
    would not be as reliable. Therefore, eaccess() is not included in
    this volume of IEEE Std 1003.1-2001.

Ondrej
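
The "open and respond to the error" approach from the quoted reply and the POSIX rationale, sketched as an added example (not code from this thread): the probe lets the kernel apply the calling thread's filesystem UID and the filesystem's own ACL model, where access() would check the real UID. The names probe_open() and access_label() are hypothetical, and the write probe is meant for regular files (a directory opened for writing returns EISDIR).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: returns 0 if the calling thread may open `path`
 * in the requested mode, otherwise the errno reported by open().
 * The permission decision is made by the kernel at open() time, so it
 * follows the thread's fsuid and whatever ACLs the filesystem enforces. */
int probe_open(const char *path, int want_write)
{
    /* No O_CREAT / O_TRUNC: the probe must never modify the file.
     * O_NONBLOCK keeps a FIFO or device node from blocking the thread;
     * O_NOCTTY avoids acquiring a controlling terminal by accident. */
    int flags = (want_write ? O_WRONLY : O_RDONLY)
              | O_NONBLOCK | O_NOCTTY | O_CLOEXEC;
    int fd = open(path, flags);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Returns "rw", "r-" or "--". Use it for display decisions only: the
 * permissions can change between this probe and the real operation, so
 * the later open()/write() must still handle EACCES itself. */
const char *access_label(const char *path)
{
    if (probe_open(path, 0) != 0)
        return "--";
    return probe_open(path, 1) == 0 ? "rw" : "r-";
}

int main(int argc, char **argv)
{
    /* Print one label per path given on the command line. */
    for (int i = 1; i < argc; i++)
        printf("%s %s\n", access_label(argv[i]), argv[i]);
    return 0;
}
```
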