File Management-File Permission operations

Source: Internet
Author: User

1. Test the file access permission.

 

# Include <unistd. h>
Define the function int access (const char * pathname, int mode );
Function Description: Access () checks whether an existing file can be read/written. The mode parameter can be combined in several cases, such as r_ OK, w_ OK, and x_ OK.
And f_ OK. R_ OK, w_ OK, and x_ OK are used to check whether the file has read, write, and execution permissions. F_ OK is used to determine whether the file exists. Because access () only works
Permission verification does not care about the file format or file content. Therefore, if a directory is "writable", you can create new files and other operations in this directory, instead, this directory can be processed as a file.
For example, you will find that all DoS Files have the "executable" permission, but execve () will fail to be executed.
Return Value: If all permissions to be checked have passed the check, 0 is returned, indicating that the operation is successful. If a permission is disabled,-1 is returned.
The file specified by the error code eaccess parameter pathname does not meet the required test permission.
The file to be tested by erofs is stored in the read-only file system.
The pathname pointer of the efault parameter exceeds the accessible memory space.
The Mode Val parameter mode is incorrect.
The pathname parameter of enametoolong is too long.
The pathname parameter of enotdir is a directory.
Insufficient enomem core memory
The pathname parameter of eloop has too many symbolic connections.
Eio I/O access error.
Note that you must be especially careful when using access () for user authentication. For example, making an open () empty file after access () may cause system security problems.

 

Eg:

# Include <stdio. h>
# Include <stdlib. h>
# Include <fcntl. h>
# Include <unistd. h>
# Include <sys/STAT. h>

Int main (void)
{
Int FD;
Struct stat statbuf;
Pid_t PID;
Uid_t ruid, EUID;/* Actual ID and valid ID of the process */

If (STAT ("test.txt", & statbuf) =-1) {/* get the file status */
Perror ("fail to stat ");
Exit (1 );
}

/* Obtain the actual user ID and valid user ID of the process */
EUID = getuid ();
EUID = geteuid ();

/* Print the actual user ID and valid user ID of the process */
Printf ("Real ID is: % u, valid tive ID is: % u/N", (unsigned INT) ruid, (unsigned INT) EUID );
/* Print the file owner ID */
Printf ("file owner is: % u/N", statbuf. st_uid );

If (access ("test.txt", r_ OK) =-1) {/* test file permissions */
Perror ("fail to access ");
Exit (1 );
}

Printf ("Access successfully/N");/* output prompt information */

If (FD = open ("test.txt", o_rdonly) =-1) {/* If the read permission test is successful, try to open the file */
Perror ("fail to open ");
Exit (1 );
}

Printf ("ready to read/N");/* output prompt information */

Close (FD);/* close the file */

Return 0;
}

 

 

2. Use the File Permission to block words

Unmask permission blocking. If a bit is set, the system ignores the value specified by the user for this bit when creating a file and sets it to 0.

 

# Include <sys/types. h>
# Include <sys/STAT. h>
Define the mode_t umask (mode_t mask) function );
Function Description
Umask () sets the system umask value to the value after the mask & 0777 parameter, and then returns the previous umask value. This parameter is used when open () is used to create a new file.
Mode is not the permission to create a file, &~ Umask. For example, if the File Permission is set to 0666 when a file is created, the default umask value is
022, the true permission of the file is 0666 &~ 022 = 0644, that is, RW-r -- return value. No error value is returned for this call.
The returned value is the umask value of the original system.

 

3. Use the umask function in the program

Using the umask function in the program will not affect the shell environment, but will affect the permission settings of all new files in the program.

 

Instance:

// Mask. c

# Include <stdio. h>

# Include <sys/STAT. h>

 

# Define mask s_irusr | s_irgrp | s_iroth // block the read permission of all users

 

Int main ()

{

Int FD;

Mode_t mask;

 

Mask = umask (mask); // change the permission blocking word and save the original permission word

Printf ("the original mask is % s/n", (unsigned INT) mask );

 

/* The ownership limit of the new file is set */

If (FD = open ("test.txt", o_creat, 0777) = NULL ){

Perror ("fail to creat ");

Exit (1 );

 

Close (FD );

Return 0;

}

 

 

The blocking word obtained by the program is the same as that in the shell environment. It can be seen that the blocking word is inherited by the Shell Process of the parent process of the mask program.

The test.txt permission created by the secret is -- WX-WX, and the corresponding permission is blocked.

The shell environment permission shielding word is still not changed. Because the sub-process cannot change the environment of the parent process.

 

 

4. Change the file access permission

 

# Include <sys/types. h>
# Include <sys/STAT. h>
Define the int chmod (const char * path, mode_t mode) function );
Function Description: chmod () changes the permission of the file specified by the path parameter based on the mode permission.
The mode parameter has the following combinations:
S_isuid 04000 file (Set User-ID on execution) Bit
S_isgid 02000 (set group-ID on execution) bit of the file
S_isvtx 01000 file Sticky Bit
S_irusr (s_iread) 00400 the file owner has the read permission
S_iwusr (s_iwrite) 00200 the file owner has the write permission
S_ixusr (s_iexec) 00100 the file owner has executable permissions
S_irgrp 00040 user group with read permission
S_iwgrp 00020 user group with write permission
S_ixgrp 00010 user group with executable permissions
S_iroth 00004 other users have read permission
S_iwoth 00002 other users have write permission
S_ixoth 00001 other users have executable permissions
Only when the owner of the file or valid user identification code is 0 Can the permission of the file be modified. Based on System Security, if you want to write data to an execution file that has the s_isuid or s_isgid permission, the two digits will be cleared. If a directory has the s_isuid bit permission, only the owner or root of the file in the directory can delete the file.
If the return value permission is changed successfully, 0 is returned. If the return value fails,-1 is returned. The cause of the error is errno.
The valid user identification code of the error code eperm process is different from the file owner who wants to modify the permission, and does not have the root permission.
The file specified by the eaccess parameter path cannot be accessed.
The file to which erofs wants to write permission exists in the read-only file system.
The path pointer of the efault parameter exceeds the accessible memory space.
The Mode Val parameter mode is incorrect.
The path parameter of enametoolong is too long.
The specified enoent file does not exist.
The path of the enotdir parameter is not a directory.
Insufficient enomem core memory
The eloop parameter path has too many symbolic connections.
Eio I/O Access Error

Example:

/* Set the/etc/passwd file permission
S_irusr | s_iwusr | s_irgrp | s_iroth */
# Include <sys/types. h>
# Include <sys/STAT. h>
Main ()
{
Chmod ("/etc/passwd", s_irusr | s_iwusr | s_irgrp | s_iroth );
}

 

 

 

5. Change the permission for opening a file.

 

# Include <sys/types. h>
# Include <sys/STAT. h>
Defines the int fchmod (INT Fildes, mode_t mode) function );
Function Description: fchmod () changes the permission of the file indicated by the Fildes parameter based on the mode permission. The Fildes parameter is the description of an opened file. For more information about the parameter mode, see chmod ().
If the return value permission is changed successfully, 0 is returned. If the return value fails,-1 is returned. The error cause is errno.
Error cause: the ebadf parameter Fildes is an invalid file description.
The valid user identification code of the eperm process is different from that of the file owner who wants to modify permissions, and does not have the root permission.
The file to which erofs wants to write permission exists in the read-only file system.
Eio I/O access error.

 

Example:

// Fchmod. c

# Include <stdio. h>
# Include <stdlib. h>
# Include <unistd. h>
# Include <fcntl. h>
# Include <sys/STAT. h>

/* Read operation mask, which adds all the read permissions of the owner, group users, and other users */
# Define read_mask s_irusr | s_irgrp | s_iroth
/* Write operation mask to add all write permissions of owner users, group users, and other users */
# Define write_mask s_iwusr | s_iwgrp | s_iwoth

Int main (void)
{
Int FD;
Struct stat statbuf;

/* Open a file. If the file does not exist, use the read operation mask as the permission word to create the file */
If (FD = open ("test.txt", o_rdonly | o_creat, read_mask) =-1 ){
Perror ("fail to open ");
Exit (1 );
}

Printf ("before changing mode/N");/* output prompt information */

If (fstat (FD, & statbuf) =-1) {/* get the file status on the opened file */
Perror ("fail to get status ");
Exit (1 );
}

If (statbuf. st_mode & s_irusr)/* The owner user has the permission to read files */
Printf ("user can read/N ");
If (statbuf. st_mode & s_irgrp)/* group users have the permission to read files */
Printf ("group user can read/N ");
If (statbuf. st_mode & s_iroth)/* Other users have the permission to read files */
Printf ("other user can read/N ");
Printf ("/N ");

/* Use the write permission word to change the File Permission,
* After the change, all the read permissions of the file disappear,
* Replace all write permissions
*/
If (fchmod (FD, write_mask) =-1 ){
Perror ("fail to change model ");
Exit (1 );
}

Printf ("after changing mode/N ");

If (fstat (FD, & statbuf) =-1) {/* get the file status again */
Perror ("fail to get status ");
Exit (1 );
}

Printf ("check the file by file-Descriptor/N ");

/* Directly use the file descriptor to get the file status and check whether the File Permission is updated */
If (statbuf. st_mode & s_iwusr)/* The owner user has the permission to write files */
Printf ("user can write/N ");
If (statbuf. st_mode & s_iwgrp)/* group users have the permission to write files */
Printf ("group user can write/N ");
If (statbuf. st_mode & s_iwoth)/* Other users have the permission to write files */
Printf ("other user can write/N ");
Printf ("/N ");

/* Obtain the File status of the file from the disk again, and check whether the file permissions on the disk have been updated */
If (STAT ("test.txt", & statbuf) =-1 ){
Perror ("fail to get status ");
Exit (1 );
}

Printf ("check the file in the disk/N ");

/* The file permission on the disk has been updated.
*/
If (statbuf. st_mode & s_iwusr)/* The owner user has the permission to write files */
Printf ("user can write/N ");
If (statbuf. st_mode & s_iwgrp)/* group users have the permission to write files */
Printf ("group user can write/N ");
If (statbuf. st_mode & s_iwoth)/* Other users have the permission to write files */
Printf ("other user can write/N ");
Printf ("/N ");


Sleep (10);/* sleep for 10 seconds */

Printf ("done/N");/* print the prompt information */

Close (FD);/* close the file, and rinse all the buffer content to the disk */
 
Return 0;
}

 

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.