access Function:
When we open a file, the kernel performs its access tests based on the effective user and group IDs. There are times when a process wants to test accessibility based on the real user and group IDs. This is useful when a process is running as someone else, using either the set-user-ID or the set-group-ID feature. Even though a process might beset-user-ID to root, it could still want to verify that the read user can access a given file. The access function bases its tests on the real user and group IDs.
#include <fcntl.h>
#include "apue.h"
#include "my_err.h"
int main(int argc, char* argv[])
{
if( argc != 2 )
{
err_quit("usage: a .out <pathname>");
}
if( access( argv[1], R_OK) < 0 )
{
err_ret("access error for %s", argv[1]);
}
else
{
printf("read access ok\n");
}
if( open( argv[1], O_RDONLY) < 0 )
{
err_ret("open error for %s", argv[1]);
}
else
{
printf("open for reading OK\n");
}
exit(0);
}
说明:a.out本来没有权限访问/etc/shadow文件,该文件只有root用户才有权限,但是我们把a.out改成root的文件,再增加S属性,虽然用的是普通的用户去执行root用户的文件,由于a.out 文件有S属性,所以,它的有效用户id还是root的id,也只有这样,a.out 才能访问/etc/shadow文件。