From mboxrd@z Thu Jan  1 00:00:00 1970
Path: main.gmane.org!not-for-mail
From: Kevin Ryde <user42@zip.com.au>
Newsgroups: gmane.lisp.guile.devel
Subject: doc access?
Date: Mon, 08 Sep 2003 08:49:12 +1000
Sender: guile-devel-bounces+guile-devel=m.gmane.org@gnu.org
Message-ID: <87d6ectdsn.fsf@zip.com.au>
NNTP-Posting-Host: deer.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: sea.gmane.org 1063000675 31658 80.91.224.253 (8 Sep 2003 05:57:55 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Mon, 8 Sep 2003 05:57:55 +0000 (UTC)
Original-X-From: guile-devel-bounces+guile-devel=m.gmane.org@gnu.org Mon Sep 08 07:57:53 2003
Return-path: <guile-devel-bounces+guile-devel=m.gmane.org@gnu.org>
Original-Received: from monty-python.gnu.org ([199.232.76.173])
	by deer.gmane.org with esmtp (Exim 3.35 #1 (Debian))
	id 19wF29-0003zK-00
	for <guile-devel@m.gmane.org>; Mon, 08 Sep 2003 07:57:53 +0200
Original-Received: from localhost ([127.0.0.1] helo=monty-python.gnu.org)
	by monty-python.gnu.org with esmtp (Exim 4.22)
	id 19wEy7-0007d2-KT
	for guile-devel@m.gmane.org; Mon, 08 Sep 2003 01:53:43 -0400
Original-Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.22)
	id 19wEwp-0007TF-Ur
	for guile-devel@gnu.org; Mon, 08 Sep 2003 01:52:23 -0400
Original-Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.22)
	id 19wEwk-0007SE-7D
	for guile-devel@gnu.org; Mon, 08 Sep 2003 01:52:19 -0400
Original-Received: from [61.8.0.36] (helo=snoopy.pacific.net.au)
	by monty-python.gnu.org with esmtp (Exim 4.22) id 19wEwc-0007Lw-JP
	for guile-devel@gnu.org; Mon, 08 Sep 2003 01:52:11 -0400
Original-Received: from mongrel.pacific.net.au (mongrel.pacific.net.au [61.8.0.107])
	by snoopy.pacific.net.au (8.12.3/8.12.3/Debian-6.4) with ESMTP id
	h87MnHBt006505
	for <guile-devel@gnu.org>; Mon, 8 Sep 2003 08:49:17 +1000
Original-Received: from localhost (ppp81.dyn228.pacific.net.au [203.143.228.81])
	by mongrel.pacific.net.au (8.12.3/8.12.3/Debian-6.4) with ESMTP id
	h87MlkBC020577
	for <guile-devel@gnu.org>; Mon, 8 Sep 2003 08:47:46 +1000
Original-Received: from gg by localhost with local (Exim 3.35 #1 (Debian))
	id 19w8LI-0000U8-00; Mon, 08 Sep 2003 08:49:12 +1000
Original-To: guile-devel@gnu.org
Mail-Copies-To: never
User-Agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.3 (gnu/linux)
X-BeenThere: guile-devel@gnu.org
X-Mailman-Version: 2.1.2
Precedence: list
List-Id: Developers list for Guile, the GNU extensibility library
	<guile-devel.gnu.org>
List-Unsubscribe: <http://mail.gnu.org/mailman/listinfo/guile-devel>,
	<mailto:guile-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://mail.gnu.org/pipermail/guile-devel>
List-Post: <mailto:guile-devel@gnu.org>
List-Help: <mailto:guile-devel-request@gnu.org?subject=help>
List-Subscribe: <http://mail.gnu.org/mailman/listinfo/guile-devel>,
	<mailto:guile-devel-request@gnu.org?subject=subscribe>
Errors-To: guile-devel-bounces+guile-devel=m.gmane.org@gnu.org
Xref: main.gmane.org gmane.lisp.guile.devel:2763
X-Report-Spam: http://spam.gmane.org/gmane.lisp.guile.devel:2763

        * posix.texi (File System): In access?, reword a bit, clarify real
        versus effective ID handling, add an example of that, and recommend
        against access tests in library functions.


 - Scheme Procedure: access? path how
 - C Function: scm_access (path, how)
     Test accessibility of a file under the real UID and GID of the
     calling process.  The return is `#t' if PATH exists and the
     permissions requested by HOW are all allowed, or `#f' if not.

     HOW is an integer which can be one of the following or a
     bitwise-OR (`logior') of more than one.

      - Variable: R_OK
          Test for read permission.

      - Variable: W_OK
          Test for write permission.

      - Variable: X_OK
          Test for execute permission.

      - Variable: F_OK
          Test for existence of the file.  This is implied by each of
          the other tests, so there's no need to combine it with them.

     The way the calling process's real ID is used by `access?' means
     that a set-UID or set-GID program will test the invoking user's
     permissions, rather than anything extra the effective ID might make
     possible.

     Consider a database import program which is set-UID so it can
     write to a shared database.  When copying from a file to the
     database the set-UID might make it possible to read files the
     invoking user cannot normally read.  `access?' can be called to
     guard against that.

     In normal circumstances of course the real and effective IDs are
     the same, so `access?' simply indicates what the process will be
     able to do.

     Most library functions are best off not testing with `access?',
     but instead simply attempting their operations.  This ensures they
     can utilize extra permissions obtained from an effective ID.


_______________________________________________
Guile-devel mailing list
Guile-devel@gnu.org
http://mail.gnu.org/mailman/listinfo/guile-devel