WG15 Defect Report Ref: 9945-1-69
Topic: file access control


This is an approved interpretation of 9945-1:1990.

Last update: 1997-05-20


                                                                9945-1-90 #69

 _____________________________________________________________________________

	Topic:			file access control
	Relevant Sections:	2.3.2, 5.6.3.2
	Classification:		No change required


Defect Report:
-----------------------

      I would like to request an official, binding
      interpretation from the ISO/IEC concerning the following
      point in ISO/IEC 9945-1:1990 (POSIX.1), 9945-1:1993
      (POSIX.1b), and 13210:1994.

      POSIX.1 says, in 5.6.3.2 (page 105, lines 766-768):

       If the process has appropriate privileges, an
       implementation may indicate success for X_OK even if
       none of the execute file permission bits are set.

      The corresponding assertion in ISO/IEC 13210:1994 says:

      24(C)If the implementation provides a method for
        associating with a process the appropriate privilege
        to override the file access control mechanism:
          When the process has the appropriate privileges to
          override the file access control mechanism, then a
          call to access(path, amode) will succeed when amode
          is set to X_OK and any of the execute bits are set
          or when the file is a directory.

      Is the assertion correct in making a distinction between
      directories and other file types?  My reading of POSIX.1
      and POSIX.1b is that no such distinction is made in the
      description of access() and no such distinction is
      required by descriptions of file access control or of
      directories elsewhere in the standards.  I feel that the
      words "or when the file is a directory" should not be in
      the assertion.

(Chuck Karish)


WG15 response for 9945-1:1990  (9945-1-90 #69)
-----------------------------------
The standard clearly states the distinction between
directory search permission and execute permission for
other file types (see lines 432-438 of 2.3.2), and conforming
implementations must conform to this.

Rationale for Interpretation:
-----------------------------
The sentence preceding the one from POSIX.1 mentioned in
the interpretation request refers to section 2.3.2.  That
section says (page 21, lines 432-438):

(1) If a process has the appropriate privilege:
              (a)  If read, write, or directory search
                   permission is requested, access is
                   granted.
              (b)  If execute permission is requested,
                   access is granted if execute permission
                   is granted to at least one user by the
                   file permission bits or by an alternative
                   access control mechanism; otherwise,
                   access is denied.

The assertion rephrases this behavior in terms of the
symbolic constant X_OK.  The same symbolic constant is
used both for execute permission and directory search
permission (see Table 2.8 on page 28), which may obscure
the correspondence between the assertion and the standard.

For a process with appropriate privileges, a call to
access(path, X_OK) must succeed if path refers to a
directory, even if none of the execute/search permission
bits are set for the directory.  The call must also succeed
if path refers to a file with any execute permission bits
set.  Implementations may vary in the case where path refers
to a file and not a directory and there are no execute bits
set.

Resolution forwarded for review: Oct 18 1995
Finalised: Nov 21 1995
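
The following C sketch is an added example, not part of the interpretation or of the standard. It models the three cases from the rationale above for access(path, X_OK) by a privileged process and compares them with the live answer. The names privileged_x_ok and probe_consistent are hypothetical, real UID 0 is assumed to stand in for "appropriate privileges", and only the file permission bits are consulted, not any alternative access control mechanism.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* What access(path, X_OK) must do for a process with appropriate privileges. */
enum x_ok_result { X_MUST_SUCCEED, X_MAY_VARY };

/* Hypothetical helper: apply 2.3.2 (1) plus the 5.6.3.2 allowance to a mode. */
enum x_ok_result privileged_x_ok(mode_t mode)
{
    if (S_ISDIR(mode))
        return X_MUST_SUCCEED;   /* (1)(a): X_OK on a directory means search */
    if (mode & (S_IXUSR | S_IXGRP | S_IXOTH))
        return X_MUST_SUCCEED;   /* (1)(b): at least one execute bit is set */
    return X_MAY_VARY;           /* non-directory with no execute bits */
}

/* Compare the live access() answer with the model.
 * Returns 1 if consistent, 0 if not, -1 if stat() fails.
 * Assumption: real UID 0 stands in for "appropriate privileges"; access()
 * checks with the real, not the effective, user ID. */
int probe_consistent(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    if (getuid() != 0)
        return 1;                /* rule (1) does not apply to this process */
    if (privileged_x_ok(st.st_mode) == X_MAY_VARY)
        return 1;                /* either answer conforms */
    return access(path, X_OK) == 0;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i],
               probe_consistent(argv[i]) == 1 ? "consistent" : "check manually");
    return 0;
}
```

Because the no-execute-bits case may vary, privileged code that needs to know whether a regular file is executable should inspect st_mode from stat() rather than rely on access(path, X_OK).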