> Ruby seems to prefer to check access rights based on > effective uid where > possible and not on the actual uid and some platforms > provide a system > call to facilitate this. OpenSolaris doesn't so the > fallback is to > perform manual checks using the 'mode' of the > file/directory. This > completely ignores any ACLs that may be set on that > file/directory. The > access() system call is a standard C-library function > and on OpenSolaris > it works with ACLs but as it uses the real uid it's > only used as a > fallback if a platform has no way to determine > effective uid. > OpenSolaris does, so access() is never used. >
Thanks for the helpful explanation, in this case, I think there is a solution. Just checked `man access`, and there is a faccessat() call can use AT_EACCESS flag to check permission with effective uid/gid. Quoted below, The faccessat() function is equivalent to the access() func- tion, except in the case where path specifies a relative path. In this case the file whose accessibility is to be determined is located relative to the directory associated with the file descriptor fd instead of the current working directory. If faccessat() is passed in the fd parameter the special value AT_FDCWD, defined in <fcntl.h>, the current working directory is used and the behavior is identical to a call to access(). Values for flag are constructed by a bitwise-inclusive OR of flags from the following list, defined in <fcntl.h>: AT_EACCESS The checks for accessibility are performed using the effective user and group IDs instead of the real user and group ID as required in a call to access(). > Basically for OpenSolaris the whole thing needs a > rethink. > > I'll raise an RFE for it. Did you look at Daniel > Berger's solaris-file > ruby extension > (http://github.com/djberg96/solaris-file)? > Unfortunately > it doesn't extend File.readable?, etc, it just adds > ACL support. > No, I missed it somehow. Now google search finds it at github, seems to be added on Jan. 17. Thanks again for the pointer. Cheers, Henry -- This message posted from opensolaris.org