|
| Author |
Per-user file permissions in threaded server
|
|
| skillzero@gmail.com 2006-08-22, 7:35 pm |
| Is there a way to check the access permissions to a specific file or
directory for a UID other than the current/effective UID?
I'm using a threaded file server that runs as root and when a user
wants to access a file, I need to know if they have permission to do
so. Since I can have several users connected to the process at the same
time, I can't change the effective UID of the process. Some OS's
implement a pthread extension to set the effective UID for a particular
thread, but my OS doesn't support that. The server design also doesn't
adapt very well to a per-user fork'd model.
The only way I can think of to do this is to look up the user's UID,
get the list of groups it's part of, and do an exhaustive check against
the owner/group/other permissions of the file. I suspect that will
work, but it's pretty inefficient.
The only other way I thought of is to temporarily change the effective
UID to the user, check the file, then change it back (all while holding
a process-wide mutex to avoid race conditions). I don't know how
efficient that would be either though.
Is there a better way to do this?
| |
| Barry Margolin 2006-08-22, 7:35 pm |
| In article <1156275030.107370.258340@p79g2000cwp.googlegroups.com>,
"skillzero@gmail.com" <skillzero@gmail.com> wrote:
> Is there a way to check the access permissions to a specific file or
> directory for a UID other than the current/effective UID?
>
> I'm using a threaded file server that runs as root and when a user
> wants to access a file, I need to know if they have permission to do
> so. Since I can have several users connected to the process at the same
> time, I can't change the effective UID of the process. Some OS's
> implement a pthread extension to set the effective UID for a particular
> thread, but my OS doesn't support that. The server design also doesn't
> adapt very well to a per-user fork'd model.
>
> The only way I can think of to do this is to look up the user's UID,
> get the list of groups it's part of, and do an exhaustive check against
> the owner/group/other permissions of the file. I suspect that will
> work, but it's pretty inefficient.
I can't think of anything better. There's no system call that takes a
UID and list of GIDs and checks access to a file.
> The only other way I thought of is to temporarily change the effective
> UID to the user, check the file, then change it back (all while holding
> a process-wide mutex to avoid race conditions). I don't know how
> efficient that would be either though.
You would also have to change effective GID and secondary groups, so
that the group permissions check would be correct.
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
| |
| David Schwartz 2006-08-22, 7:35 pm |
|
skillzero@gmail.com wrote:
> Is there a way to check the access permissions to a specific file or
> directory for a UID other than the current/effective UID?
>
> I'm using a threaded file server that runs as root and when a user
> wants to access a file, I need to know if they have permission to do
> so. Since I can have several users connected to the process at the same
> time, I can't change the effective UID of the process. Some OS's
> implement a pthread extension to set the effective UID for a particular
> thread, but my OS doesn't support that. The server design also doesn't
> adapt very well to a per-user fork'd model.
>
> The only way I can think of to do this is to look up the user's UID,
> get the list of groups it's part of, and do an exhaustive check against
> the owner/group/other permissions of the file. I suspect that will
> work, but it's pretty inefficient.
>
> The only other way I thought of is to temporarily change the effective
> UID to the user, check the file, then change it back (all while holding
> a process-wide mutex to avoid race conditions). I don't know how
> efficient that would be either though.
>
> Is there a better way to do this?
No, there isn't. You should be warned, however, that your approach may
suffer from race conditions that may be exploitable.
DS
| |
| Eric Sosman 2006-08-22, 7:35 pm |
|
skillzero@gmail.com wrote On 08/22/06 15:30,:
> Is there a way to check the access permissions to a specific file or
> directory for a UID other than the current/effective UID?
> [...]
> The only way I can think of to do this is to look up the user's UID,
> get the list of groups it's part of, and do an exhaustive check against
> the owner/group/other permissions of the file. I suspect that will
> work, but it's pretty inefficient.
Wouldn't ACLs make trouble for this approach?
--
Eric.Sosman@sun.com
| |
| David Schwartz 2006-08-22, 7:35 pm |
|
Eric Sosman wrote:
> Wouldn't ACLs make trouble for this approach?
Sadly, there is no solution that doesn't have significant drawbacks.
(Unless your platform has some effective way to say 'perform this
operation the way you would for this user'.)
DS
|