Unix programming learning notes (9) -- shielding and changing file access permissions for file I/O

Lien000034
2014-09-10

1. file access permission

In File Access Permissions and process access control, we have already talked about the file access limit. For convenience, we recolumn it below,

 

Table 1: 9 access limit of a file

St_mode shielding	Meaning
S_irusr	User-read
S_iwusr	User-write
S_ixusr	User-execution
S_irgrp	Group-read
S_iwgrp	Group-write
S_ixgrp	Group-execution
S_iroth	Others-read
S_iwoth	Others-write
S_ixoth	Others-execution

2. Shielding New File Access Permissions

Each process has a file creation mask associated with the process ). the file mode Creation blocking word of each process is irrelevant to the parent process of the process, and does not inherit from the file mode Creation blocking word of the parent process, the change in the process file mode does not affect the file mode process of the parent process.

When a process creates a new file, the final file access permission of the new file is determined together with the file access limit specified when the file mode is used to create a blocked word and create a new file. For any bit in the mask word created in file mode, the corresponding bit in file mode must be disabled.

The UMASK function creates a blocked word for the process setting file mode and returns the previous value.

# Include <sys/STAT. h>

Mode_t umask (mode_t cmask );

Returned value: Creates a blocked word in the previous file mode.

The cmask parameter is composed of several bitwise OR values of the nine constants listed in Table 1. The following program creates two files. When the first file foo is created, the blocked words created in the file mode of the process are cleared. Before the second file is created, the read and write permissions of all groups and other users are blocked.

#include <stdlib.h>#include <stdio.h>#include <fcntl.h>#include <sys/stat.h>#define RWRWRW (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)intmain(void){    umask(0);    if (creat("foo", RWRWRW) < 0) {    printf("creat error for foo");        exit(-1);    }    umask(S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);    if (creat("bar", RWRWRW) < 0) {        printf("creat error for bar");        exit(-1);    }    exit(0);}

Compile the program, generate the umaskdemo file, and then run it,

Lien000034: Demo $ gcc-O umaskdemo. clien000034: Demo $. /umaskdemolien000034: Demo $ LS-l bar foo-RW ------- 1 lien000034 lien000034 0 September 3 23:51 bar-RW-1 lien000034 lien000034 0 September 3 23:51 foo

3. file access permission change

UNIX provides two functions, CHMOD and fchmod, to change the access permissions of existing files.

# Include <sys/STAT. h>

Int chmod (const char * pathname, mode_t mode );

Int fchmod (INT filedes, mode_t mode );

Two function return values: 0 if successful, and-1 if an error occurs.

The chmod function operates on the specified file, while the fchmod function operates on the opened file.

To change the access permission of a file, the valid user ID of the process must be equal to the owner ID of the file, or the process must have the superuser permission.

The mode parameter is composed of some bitwise OR operations of constants shown in table 2.

Table 2: Mode constant of the CHMOD Function

Mode	Description
S_isuid	Set User ID during execution
S_isgid	Set Group ID during execution
S_irwxu	User reading, writing, and execution
S_irusr	User-read
S_iwusr	User-write
S_ixusr	User-execution
S_irwxg	Group read, write, and execution
S_irgrp	Group-read
S_iwgrp	Group-write
S_ixgrp	Group-execution
S_irwxo	Other reads, writes, and executions
S_iroth	Others-read
S_iwoth	Others-write
S_ixoth	Others-execution

 

Instance:

The following program opens the set group ID bit for file Foo and closes the group execution bit. The file bar is forcibly set to a specified access permission.

#include <stdlib.h>#include <stdio.h>#include <sys/stat.h>intmain(void){    struct stat statbuf;    if (stat("foo", &statbuf) < 0) {        printf("stat error for foo");        exit(-1);    }    if (chmod("foo", (statbuf.st_mode & ~S_IXGRP) | S_ISGID) < 0) {        printf("chmod error for foo");        exit(-1);    }    if (chmod("bar", S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) < 0) {        printf("chmod error for bar");        exit(-1);    }    exit(0);}

Compile the program file, generate the chmoddemo file, and then run the file,

Lien000034: Demo $ gcc-O chmoddemo. clien000034: demo $ LS-l Foo bar-RW ------- 1 lien000034 lien000034 0 September 3 23:51 bar-RW-r -- 1 lien000034 lien000034 0 September 3 23:51 foo-RW-r -- 1 lien000034 lien000034 0 September 3 23:51 bar-RW-rwsr -- 1 lien000034 lien000034 0 September 3 23:51 foolien000034: demo $. /chmoddemolien000034: Demo $ LS-l Foo bar

(Done)

Unix programming learning notes (9) -- shielding and changing file access permissions for file I/O