Function access and faccessat
When the instructions to create a file open or creat, it did not specify what the values of the user ID and group ID given to the new file yes. The same rules on ownership of the new file with the ownership of the new directory will be described in this section.
The new user ID file to the user's effective user ID. About group ID, POSIX.1 allows you to select one of the following group ID as a new file.
(1) group ID of the new file can be an effective group ID of the process.
Group ID (2) of the new file can be set in its directory ID.
In SVR4, the group ID of the new file depends on it in the settings directory - Group -ID bit is set. If the directory of this one has been set, the group ID of the new file group ID is set to directory; otherwise, a new file group ID for the effective group ID of the process.
access function
As previously mentioned, when a file is opened with the open function, the kernel process valid user ID and group ID is valid based access permission to perform its tests. And that the process also hope that in accordance with its real user ID and real group ID to test their ability to access. For example, when a process using the settings - -ID user, or set - group -ID characteristics as another user (or group) is running, which it may be required. Even if a process may have been set up - as the root user -ID, it may still want to verify the actual user can access a given file. access function is based on real user ID and real group ID of the process access permissions for testing.
chmod function automatically cleared two permission bits under the following conditions.
- If we try to stick to set the bit ordinary file (S_ISVTX), and the absence of super-user privileges, then stick bit mode is automatically turned off. This means that only the super user can set the stick to position a regular file. The reason for this can prevent malicious user settings stick position, and the view in this way fills the exchange zone (if the system supports saving - if the text feature).
- Create a new set of file group ID may not be the calling process belongs. Group ID of the new file may be group ID of the parent directory. In particular, the effective group ID or process group ID if the group ID to add the new file is not equal in a process, and the process does not have superuser priority number, set - Group -ID is automatically turned off. This prevents the user to create a set - Group -ID file, and the user group is not owned by the user owns.
4.3 + BSD and other Berkeley derived system adds additional security features used in view of the error protection bit is placed. If a user is not super-priority process to write a file, the settings - User -ID bit and set - group -ID is automatically cleared. If a malicious user to find a set that he can write - Group -ID and settings - User -ID file, even if it can modify this file, but lost a high priority to the file.
Berkeley-based systems has been stipulated that only the superuser can change the owner of a file. The reason for this is to prevent users from changing the owner of files to get rid of their disk space quota restrictions on them. System V allows any user to change the owner of their own files.
The constant is defined in the header Optional <unist.h> in, but is always to be pathconf or fpathconf function queries. This selection is also concerned with the referenced document - in each file system may be based on the selection of the enabled or disabled. Hereinafter referred to as "If _POSIX_CHOWN_RESTRICTED function", which indicates that we are talking about applies to documents, regardless of whether the actual constant is defined in a file (e.g., 4.3 + BSD always have this limitation, but not in the this constant is defined in the header file)
If _POSIX_CHWON_RESTRICTED work on the specified file,
(1) only superuser processes can change the file's user ID
(2) if the following conditions are met, a non-superuser process can change the file's group ID
(A) process has this document (which is equal to the effective user ID of the user's file ID)
one of adding the group ID user ID (B) is equal to the parameter file owner, the parameter group is equal to the process or processes of the effective group ID
File truncated
Sometimes, we need to cut off the end of some of the data in the file to shorten the file. The file is truncated to a length of 0 is a special case, with O_TRUNC logo can do it. To cut short the Egyptian you can call functions truncate and ftruncate.
these two paths will Korean pathname or file descriptor fields open an existing file specified length truncated length. If the document length is greater than the previous length, data length other than the access will not be exceeded. If the length of the previous shorter than the length, the consequences associated with the system. If a treatment to achieve is to extend the file, the data between the end of the end of the previous file and the new file will be read as 0 (that is created in the file a hollow)
File system
Currently, NUIX file system is being used for a variety of implementation.
We can put a disk into one or more partitions. Each partition may comprise a file system .i nodes are fixed-length entries, which contains most of the information about the file.
-
There are two directory entries point to the same i-node. Each node i has a link count, which is the value of the entry point to the directory i-node number in the figure only when the link count reduces to zero, can delete the the reason the file (that is, you can release the data blocks occupied by the file). this is why the "lifting of a link to the file" operation does not always mean "free disk blocks occupied by that file." this is why delete a directory entry the reason is referred to unlink not delete delete in the stat structure, contained in the link count st_nlink members, the basic data type is the system nlink_t. such links are known as hard links.
-
Another type of link is called a symbolic link (synbolic link). The actual contents of the symbolic link file (data block) contains the name of the symbolic link file pointed.
-
i-node contains all the information about the file: Most of the information file type, file access permission bits, and the length of the file pointer to the file data blocks, etc. .stat structures are taken from the i-node only two important data stored in the directory. item: file name and data type of the i-node number .i node number is ino_t.
-
Because the directory entry in the i-node number points to the same file system corresponding i-node, a node item i can not point to another file system directory. This is the reason why the ln (1) command can not cross file system.
-
When a file is renamed without changing the file system, the actual contents of the file does not move, just construct a new directory entry pointing to existing i nodes, and delete the old directory entry link does not count will change. for example, the file / usr / lib / foo renames / usr / foo, if the directory / usr / lib and / usr contents of the file foo does not need to move in the same file system. this is the mv (1) command the normal operational mode.
Function link, linkat, unlink, unlinkat and remove
Any file can have a plurality of directory i-node point thereof. The method of creating a link to an existing file is to use a function or linkat link function.
#include<unistd.h>
int link(const char * existingpath, const char * newpath);
int linkat(const efd,const char * existingpath,const nfd,const char * newpath,int flag);
Two return value: If successful, returns 0; if the error, return -1;
These two functions to create a new directory newpath, it refers to an existing file existingpath. If newpath already exists, an error is returned. Newpath created only last a component in other parts of the path should already exist.
For linkat function to absorb and documented by efd existingpath parameters specified by a new path name parameter specifies nfd and newpath. By default, if any one of two path name is a relative path, it need calculated relative to the corresponding file descriptor. If either one of the two file descriptors to AT_FDCWD, then the corresponding path name (if it is a relative path) is calculated with respect to the current through the directory. If any pathname is the absolute path to the file descriptor parameter response will be ignored.
Only when the count reaches zero, the contents of the file are deleted before another condition will prevent the contents of the file - as long as there is a process to open the file, its contents can not be deleted when you close a file, the kernel first checks Open the number of process the file; if this technology reaches 0, the kernel go check their link count; if the count is 0, then delete the contents of the file.
This feature is often unlink procedures used to ensure that even when the program crashes, it creates temporary files will not be left behind. Process creates a file open or creat, then call unlink immediately, because the file is still open, it will not be content to be removed. only when the process closes the file or suspended (in this case, the kernel close all files opened by the process), the contents of the file is deleted only.
Rename function or renameat
Files or directories can be renamed with the rename function or renameat function.
#include<stdio.h>
int rename(const char*oldname,const char*newname);
int renameat(int oldfd,const char*oldname,int newfd,const char *newname);