Lien000034
2014-09-10
1. File access permissions
In "File access permissions and process access control", we already discussed file access permissions. For convenience, they are listed again below.
Table 1: The 9 access permission bits of a file
st_mode mask | Meaning
S_IRUSR | User-read
S_IWUSR | User-write
S_IXUSR | User-execute
S_IRGRP | Group-read
S_IWGRP | Group-write
S_IXGRP | Group-execute
S_IROTH | Others-read
S_IWOTH | Others-write
S_IXOTH | Others-execute
2. Masking the access permissions of new files
Each process has a file mode creation mask associated with it. The mask of each process is independent of that of its parent process and is not inherited from it, and changing a process's mask does not affect the mask of its parent process.
When a process creates a new file, the final access permissions of the new file are determined jointly by the file mode creation mask and the access permissions specified in the call that creates the file. Any bit that is set in the file mode creation mask is turned off in the mode of the new file.
The umask function sets the file mode creation mask for the process and returns the previous value.
    #include <sys/stat.h>
    mode_t umask(mode_t cmask);
Return value: the previous file mode creation mask.
The cmask parameter is the bitwise OR of any of the nine constants listed in Table 1. The following program creates two files. When the first file, foo, is created, the file mode creation mask of the process is cleared. Before the second file, bar, is created, the read and write permissions of the group and of other users are masked.

    #include <stdlib.h>
    #include <stdio.h>
    #include <fcntl.h>
    #include <sys/stat.h>

    #define RWRWRW (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)

    int
    main(void)
    {
        /* Clear the mask: foo gets every bit requested in RWRWRW. */
        umask(0);
        if (creat("foo", RWRWRW) < 0) {
            printf("creat error for foo\n");
            exit(-1);
        }

        /* Mask group and other read/write: bar keeps only the user bits. */
        umask(S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
        if (creat("bar", RWRWRW) < 0) {
            printf("creat error for bar\n");
            exit(-1);
        }
        exit(0);
    }
Compile the program to produce the umaskdemo executable, then run it:

    lien000034:demo$ gcc -o umaskdemo umaskdemo.c
    lien000034:demo$ ./umaskdemo
    lien000034:demo$ ls -l bar foo
    -rw------- 1 lien000034 lien000034 0 September 3 23:51 bar
    -rw-rw-rw- 1 lien000034 lien000034 0 September 3 23:51 foo
3. Changing file access permissions
UNIX provides two functions, chmod and fchmod, to change the access permissions of existing files.
    #include <sys/stat.h>
    int chmod(const char *pathname, mode_t mode);
    int fchmod(int filedes, mode_t mode);
Return value of both functions: 0 if successful, -1 if an error occurs.
The chmod function operates on the file named by pathname, while the fchmod function operates on a file that is already open.
To change the access permissions of a file, the effective user ID of the process must be equal to the owner ID of the file, or the process must have superuser privileges.
The mode parameter is the bitwise OR of any of the constants shown in Table 2.
Table 2: Mode constants for the chmod function
Mode | Description
S_ISUID | Set-user-ID on execution
S_ISGID | Set-group-ID on execution
S_IRWXU | User read, write, and execute
S_IRUSR | User-read
S_IWUSR | User-write
S_IXUSR | User-execute
S_IRWXG | Group read, write, and execute
S_IRGRP | Group-read
S_IWGRP | Group-write
S_IXGRP | Group-execute
S_IRWXO | Others read, write, and execute
S_IROTH | Others-read
S_IWOTH | Others-write
S_IXOTH | Others-execute
Example:
The following program turns on the set-group-ID bit for the file foo and turns off its group-execute bit. The file bar is set to an absolute access permission, regardless of its current mode.

    #include <stdlib.h>
    #include <stdio.h>
    #include <sys/stat.h>

    int
    main(void)
    {
        struct stat statbuf;

        /* Read foo's current mode so that only two bits are changed. */
        if (stat("foo", &statbuf) < 0) {
            printf("stat error for foo\n");
            exit(-1);
        }
        /* Turn off group-execute and turn on set-group-ID. */
        if (chmod("foo", (statbuf.st_mode & ~S_IXGRP) | S_ISGID) < 0) {
            printf("chmod error for foo\n");
            exit(-1);
        }
        /* Set bar to rw-r--r-- whatever its mode was before. */
        if (chmod("bar", S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) < 0) {
            printf("chmod error for bar\n");
            exit(-1);
        }
        exit(0);
    }
Compile the program to produce the chmoddemo executable, then run it:

    lien000034:demo$ gcc -o chmoddemo chmoddemo.c
    lien000034:demo$ ls -l foo bar
    -rw------- 1 lien000034 lien000034 0 September 3 23:51 bar
    -rw-rw-r-- 1 lien000034 lien000034 0 September 3 23:51 foo
    lien000034:demo$ ./chmoddemo
    lien000034:demo$ ls -l foo bar
    -rw-r--r-- 1 lien000034 lien000034 0 September 3 23:51 bar
    -rw-rwSr-- 1 lien000034 lien000034 0 September 3 23:51 foo
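The masking rule from section 2 and the fchmod and owner rules from section 3, combined in one added example that is not part of the original notes. The helper names (masked_mode, create_masked, restrict_to_owner) are hypothetical, and the ownership and file-type checks before fchmod are an assumption of this example rather than something the notes prescribe.

```c
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

#define PERM_BITS (S_IRWXU | S_IRWXG | S_IRWXO)

/* Permission bits a new file gets: every bit set in cmask is turned off. */
mode_t masked_mode(mode_t requested, mode_t cmask)
{
    return requested & ~cmask & PERM_BITS;
}

/* Create path under a temporary mask and return the permission bits read
 * back with fstat, or (mode_t)-1 on error. O_EXCL makes the call fail for
 * an existing file, whose mode the mask would leave unchanged. */
mode_t create_masked(const char *path, mode_t requested, mode_t cmask)
{
    struct stat sb;
    mode_t old = umask(cmask);   /* umask returns the previous mask */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
    umask(old);                  /* put the caller's mask back */
    if (fd < 0)
        return (mode_t)-1;
    int rc = fstat(fd, &sb);
    close(fd);
    return rc < 0 ? (mode_t)-1 : (sb.st_mode & PERM_BITS);
}

/* Reduce a regular file owned by the effective user to owner read/write.
 * fchmod acts on the opened file, so the checks and the mode change apply
 * to the same file even if the path is renamed or replaced meanwhile. */
mode_t restrict_to_owner(const char *path)
{
    struct stat sb;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return (mode_t)-1;
    if (fstat(fd, &sb) < 0 || !S_ISREG(sb.st_mode) ||
        sb.st_uid != geteuid() ||
        fchmod(fd, S_IRUSR | S_IWUSR) < 0 || fstat(fd, &sb) < 0) {
        close(fd);
        return (mode_t)-1;
    }
    close(fd);
    return sb.st_mode & PERM_BITS;
}
```

Reading the mode back with fstat on the same descriptor confirms what was actually applied instead of trusting the requested value.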
(Done)
Unix programming learning notes (9) -- shielding and changing file access permissions for file I/O