Unix programming learning notes (9) -- file I/O: masking and changing file access permissions

Lien000034
2014-09-10

1. File access permissions

In "File access permissions and process access control" we already covered the file access permission bits. For convenience, they are listed again below.

 

Table 1: The 9 access permission bits of a file

st_mode mask    Meaning
S_IRUSR         User-read
S_IWUSR         User-write
S_IXUSR         User-execute
S_IRGRP         Group-read
S_IWGRP         Group-write
S_IXGRP         Group-execute
S_IROTH         Other-read
S_IWOTH         Other-write
S_IXOTH         Other-execute

2. Masking the access permissions of new files

Each process has a file mode creation mask associated with it. The file mode creation mask of each process is independent of that of its parent process: it is not inherited from the parent's file mode creation mask, and changing it in the process does not affect the parent's file mode creation mask.

When a process creates a new file, the final access permissions of the new file are determined jointly by the file mode creation mask and the access permissions specified when the file is created. For any bit that is set in the file mode creation mask, the corresponding bit in the file's access permissions is turned off.

The umask function sets the file mode creation mask for the process and returns the previous value.

#include <sys/stat.h>

mode_t umask(mode_t cmask);

Return value: the previous file mode creation mask.

The cmask parameter is the bitwise OR of any of the nine constants listed in Table 1. The following program creates two files. When the first file, foo, is created, the file mode creation mask of the process is cleared. Before the second file, bar, is created, the read and write permissions for group and other are masked off.

#include <stdlib.h>
#include <stdio.h>
#include <fcntl.h>
#include <sys/stat.h>

#define RWRWRW (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)

int
main(void)
{
    /* Clear the mask: foo receives every bit requested in RWRWRW. */
    umask(0);
    if (creat("foo", RWRWRW) < 0) {
        printf("creat error for foo\n");
        exit(-1);
    }

    /* Mask group/other read and write: bar keeps only the user bits. */
    umask(S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
    if (creat("bar", RWRWRW) < 0) {
        printf("creat error for bar\n");
        exit(-1);
    }
    exit(0);
}

Compile the program to produce the umaskdemo executable, then run it:

lien000034:demo$ gcc -o umaskdemo umaskdemo.c
lien000034:demo$ ./umaskdemo
lien000034:demo$ ls -l bar foo
-rw------- 1 lien000034 lien000034 0 September 3 23:51 bar
-rw-rw-rw- 1 lien000034 lien000034 0 September 3 23:51 foo

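
The following is an added example, not part of the original notes. It measures the permissions a new file really receives for a given requested mode and mask, showing that the mask can only remove bits from the request and never add them. The helper names and the /tmp path are assumptions made for this illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Read the current mask. umask() can only report the old value by
 * installing a new one, so set a strict mask and restore at once. */
mode_t current_umask(void)
{
    mode_t old = umask(S_IRWXG | S_IRWXO);
    umask(old);
    return old;
}

/* Create `path` requesting `requested` while the mask is `cmask`, then
 * return the permission bits the file actually got (-1 on error).
 * The caller's mask is restored and the file is removed again.
 * The mask is per process, so do not do this in a threaded program. */
long created_mode(const char *path, mode_t requested, mode_t cmask)
{
    struct stat st;
    long result = -1;
    mode_t old = umask(cmask);
    /* O_EXCL: fail instead of reusing a file that already exists. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
    umask(old);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0)
        result = (long)(st.st_mode & 07777);
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    const char *p = "/tmp/umask_demo.tmp";    /* constructed path */
    printf("current mask:   %03lo\n", (unsigned long)current_umask());
    printf("0666 under 000: %03lo\n", (unsigned long)created_mode(p, 0666, 0));
    printf("0666 under 066: %03lo\n", (unsigned long)created_mode(p, 0666, 066));
    printf("0600 under 000: %03lo\n", (unsigned long)created_mode(p, 0600, 0));
    return 0;
}
```

A program that writes sensitive files should request a restrictive mode in the open call itself, since a mask of 0 leaves the requested mode untouched.
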
3. Changing file access permissions

UNIX provides two functions, chmod and fchmod, to change the access permissions of existing files.

#include <sys/stat.h>

int chmod(const char *pathname, mode_t mode);

int fchmod(int filedes, mode_t mode);

Return value of both functions: 0 if successful, -1 if an error occurs.

The chmod function operates on the file named by pathname, while the fchmod function operates on a file that has already been opened.

To change the access permissions of a file, the effective user ID of the process must be equal to the owner ID of the file, or the process must have superuser privileges.

The mode parameter is the bitwise OR of some of the constants shown in Table 2.

Table 2: Mode constants for the chmod function

Mode            Description
S_ISUID         Set-user-ID on execution
S_ISGID         Set-group-ID on execution
S_IRWXU         User read, write, and execute
S_IRUSR         User-read
S_IWUSR         User-write
S_IXUSR         User-execute
S_IRWXG         Group read, write, and execute
S_IRGRP         Group-read
S_IWGRP         Group-write
S_IXGRP         Group-execute
S_IRWXO         Other read, write, and execute
S_IROTH         Other-read
S_IWOTH         Other-write
S_IXOTH         Other-execute

 

Example:

The following program turns on the set-group-ID bit for file foo and turns off its group-execute bit. The file bar is set to an absolute access permission, regardless of its current permissions.

#include <stdlib.h>
#include <stdio.h>
#include <sys/stat.h>

int
main(void)
{
    struct stat statbuf;

    /* Relative change: read foo's current mode, then modify two bits. */
    if (stat("foo", &statbuf) < 0) {
        printf("stat error for foo\n");
        exit(-1);
    }
    if (chmod("foo", (statbuf.st_mode & ~S_IXGRP) | S_ISGID) < 0) {
        printf("chmod error for foo\n");
        exit(-1);
    }

    /* Absolute change: bar becomes rw-r--r-- whatever it was before. */
    if (chmod("bar", S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) < 0) {
        printf("chmod error for bar\n");
        exit(-1);
    }
    exit(0);
}

Compile the program to produce the chmoddemo executable, then run it:

lien000034:demo$ gcc -o chmoddemo chmoddemo.c
lien000034:demo$ ls -l foo bar
-rw------- 1 lien000034 lien000034 0 September 3 23:51 bar
-rw-rw-rw- 1 lien000034 lien000034 0 September 3 23:51 foo
lien000034:demo$ ./chmoddemo
lien000034:demo$ ls -l foo bar
-rw-r--r-- 1 lien000034 lien000034 0 September 3 23:51 bar
-rw-rwSrw- 1 lien000034 lien000034 0 September 3 23:51 foo
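
The following is an added example, not part of the original notes. It uses fchmod on an open descriptor, so the file whose type and owner are checked is the same file whose mode is changed, and it clears the set-user-ID, set-group-ID, and group/other write bits. The names harden_file, make_sample, and RISKY_BITS and the /tmp path are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Bits this example removes: set-user-ID, set-group-ID, group/other write. */
#define RISKY_BITS (S_ISUID | S_ISGID | S_IWGRP | S_IWOTH)

/* Hypothetical helper: clear RISKY_BITS on a regular file owned by the
 * caller. Returns the resulting permission bits, or -1 on any failure. */
long harden_file(const char *path)
{
    struct stat st;
    long result = -1;
    /* O_NOFOLLOW: refuse a symbolic link as the final path component. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    /* fstat and fchmod act on the object behind fd, so the file that is
     * checked is the same file that is changed. */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
        st.st_uid == geteuid() &&
        fchmod(fd, st.st_mode & 07777 & ~RISKY_BITS) == 0 &&
        fstat(fd, &st) == 0)
        result = (long)(st.st_mode & 07777);
    close(fd);
    return result;
}

/* Constructed sample: create `path`, then force it to exactly `mode`. */
int make_sample(const char *path, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd < 0)
        return -1;
    int rc = fchmod(fd, mode);   /* fchmod is not filtered by the umask */
    close(fd);
    return rc;
}

int main(void)
{
    const char *p = "/tmp/harden_demo.tmp";   /* constructed path */
    if (make_sample(p, S_ISGID | 0666) == 0)
        printf("after hardening: %04lo\n", (unsigned long)harden_file(p));
    unlink(p);
    return 0;
}
```

Because the file is opened with O_RDONLY, a file the caller cannot read is reported as a failure rather than changed.
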

(Done)
