c - 可执行文件设置root suid，但access(path, W_OK) 仍然返回-1？

Question

为什么可执行文件设置了root suid，但是access(path, W_OK) 仍然返回-1？

代码:

#include <stdio.h>
#include <unistd.h>

int main()
{
    printf("privilege => %d\n", access("/usr/local/etc/t.conf", W_OK));
    return 0;
}

测试运行:

[www@mypy access]$ ll
总用量 12
-rwsrwxr-x. 1 root root 6600 1月  22 10:05 access
-rw-rw-r--. 1 www  www   135 1月  22 10:05 access.c

[www@mypy access]$ ./access 
privilege => -1

[root@mypy access]# ./access 
privilege => 0

Answer 1

access 库函数有意检查真实用户的访问权限，忽略了可执行文件具有不同的有效 UID/GID 这一事实。

如果您只想知道是否可以进行读或写访问，您可以打开文件并查看是否有错误。但是，细心的 setuid 可执行文件通常想知道真实用户是否能够对文件执行操作。要找出答案，他们可以使用 access 库函数。

这在 man 2 access 中有解释:

The check is done using the calling process's real UID and GID, rather than the effective IDs as is done when actually attempting an operation (e.g., open(2)) on the file.…

This allows set-user-ID programs and capability-endowed programs to easily determine the invoking user's authority. In other words, access() does not answer the "can I read/write/execute this file?" question. It answers a slightly different question: "(assuming I'm a setuid binary) can the user who invoked me read/write/execute this file?", which gives set-user-ID programs the possibility to prevent malicious users from causing them to read files which users shouldn't be able to read.