Is there a function like access() but for a specific user id?

The Linux function access() allows me to check file permissions for the current user.

Is there a similar function that gives me the same information - but instead of checking the current user it checks the permissions of any given system user?

Something like int access_for(const char *pathname, uid_t uid, int mode); or whatever

I can't use seteuid() as I need this for a multithreaded process (POSIX threads) which would affect all threads at the same time. That's why I need to check file permissions myself.

Edit: The process itself is known/assumed to have at least the privileges of the relevant user. So, in theory I could also walk the file system and calculate the rights by hand, but I'd need something much more efficient as the check needs to be done several (up to hundreds) times per second. Possible?

Not sure how it could work. If you're running as user X, you couldn't reliably check if user Y has access to something, because the check would be done under YOUR permissions. You may not have access to something that Y does, meaning you'd get a false negative.

Beware of TOCTOU. If you check NOW that a file can be accessed, it doesn't mean that NOW it can (or can't), because in the time it took you to read those words between "NOW" and "NOW", the file privileges may well have changed.

So, the CORRECT solution is to run in a thread/process as the user that you want to access the file as. Otherwise, you run a risk of "the file privileges changed while you were working" problem.

Of course, this applies to any type of access to "things that may be restricted based on who I am running as".

On Linux, fundamentally all set*id operations are thread-local. This is wrong and non-conforming (the standard specifies that a process, not a thread, has ids that are set by these functions) and the userspace code (in libc) has to work around the issue via delicate and error-prone logic to change all the thread uids in a synchronized way. However, you may be able to invoke the syscall directly (via syscall()) to change the ids for just one thread.

Also, Linux has the concept of "filesystem uid" set by the setfsuid function. If I'm not mistaken, libc leaves this one thread-local, since it's not specified by any standard (and thus does not have any requirements imposed on it) and since the whole purpose of this function is thread-local use like what you're doing. I think this second option is much better if it works.

Finally, there's one solution that's completely portable but slow: fork then use seteuid in the child, call access there, pass the result back to the parent, and _exit.
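
The fork approach from the last answer, as an added example in C that is not part of the original thread. access_for is the hypothetical name from the question; because access() checks the real uid and gid rather than the effective ones, the child here sets its real ids with setgid/setuid (assuming a privileged caller) instead of calling seteuid, and the account lookup happens before fork. The answer is a snapshot and remains subject to the TOCTOU caveat raised above.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <sys/wait.h>
#include <unistd.h>

/* access_for() is the hypothetical name from the question (not a libc call).
 * Returns 0 if `uid` passes access(pathname, mode), else -1 with errno set.
 * Assumes the caller is privileged enough to become `uid`. */
int access_for(const char *pathname, uid_t uid, int mode)
{
    struct passwd pw = {0}, *res = NULL;
    char buf[4096];
    gid_t groups[256];
    int ngroups = 256, pfd[2], err = 0;
    ssize_t n = 0;
    int switch_id = (uid != getuid() || uid != geteuid());
    /* Resolve the account in the parent: NSS lookups are not safe to run
     * in the forked child of a multithreaded process. */
    if (switch_id) {
        int rc = getpwuid_r(uid, &pw, buf, sizeof buf, &res);
        if (rc != 0 || res == NULL) { errno = rc ? rc : ENOENT; return -1; }
        if (getgrouplist(pw.pw_name, pw.pw_gid, groups, &ngroups) == -1) { errno = E2BIG; return -1; }
    }
    if (pipe(pfd) == -1) return -1;
    pid_t pid = fork();
    if (pid == -1) { err = errno; close(pfd[0]); close(pfd[1]); errno = err; return -1; }
    if (pid == 0) {
        /* Child only: supplementary groups first, then gid, then uid.
         * For a privileged process setgid/setuid also set the real and
         * saved ids, which is what access() evaluates. */
        if (switch_id && (setgroups((size_t)ngroups, groups) == -1 ||
                          setgid(pw.pw_gid) == -1 ||
                          setuid(uid) == -1))
            err = errno;
        else if (access(pathname, mode) == -1)
            err = errno;
        ssize_t w = write(pfd[1], &err, sizeof err);
        _exit(w == (ssize_t)sizeof err ? 0 : 1);
    }
    close(pfd[1]);
    do { n = read(pfd[0], &err, sizeof err); } while (n == -1 && errno == EINTR);
    close(pfd[0]);
    while (waitpid(pid, NULL, 0) == -1 && errno == EINTR) { }
    if (n != (ssize_t)sizeof err) err = EIO;   /* child died before reporting */
    errno = err;
    return err ? -1 : 0;
}
```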
