/dir1/.../dirX/ : file_permissions
/dir1/.../dirX/
.
/dir/.../dir/file : file_permissions
/dir/.../dir/file
.
    / : A
    /foo : B
    /foo/ : C
    /foo/bar.c : D
    /baz : E

then we have

    /qux.c has permissions A
    /foo has permissions B
    /foo/qux.c has permissions C
    /foo/bar.c has permissions D
    /baz/qux.c has permissions A!

uid:tags or $group:tags. Here uid is a UID, $group is a group, and tags are permission tags. The uid:tags pairs always precede the $group:tags pairs.

Permission tags are:
    r: permission to read.
    w: permission to write.
    c: permission to change file permissions.

The order of $group:tags pairs in a file permission is important. Only the first $group that matches a given UID determines that UID's rights. For example, suppose frege is a member of groups $wizard and $player, and that file permissions are

    gedeon:rwc $wizard:rw $player:r

then frege can read and write. On the other hand, if file permissions are

    gedeon:rwc $player:r $wizard:wr

then frege can only read.

NOTE: there are three exceptions. The special groups $readall, $writeall, and $changeall have permissions to read, write and change file permissions for any file, respectively.
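
The path lookup and first-match rules above, modelled in Python as an added example (this is not the mudlib's own code). The PERM_* values, the names lookup and rights, the rule that an explicit uid entry wins over group entries, and the empty result when no entry applies are assumptions; inheritance from the nearest enclosing directory is inferred from the A to E example.

```python
PERM_READ, PERM_WRITE, PERM_CHANGE = 1, 2, 4  # assumed values; the real ones are in <file.h>
TAGS = {"r": PERM_READ, "w": PERM_WRITE, "c": PERM_CHANGE}
SPECIAL = {"$readall": PERM_READ, "$writeall": PERM_WRITE, "$changeall": PERM_CHANGE}

# The page's path example; A to E stand in for real permission strings.
TABLE = {"/": "A", "/foo": "B", "/foo/": "C", "/foo/bar.c": "D", "/baz": "E"}


def lookup(table, path):
    """Permission string governing an absolute path: an exact entry if there
    is one, otherwise the entry of the nearest enclosing directory ("/dir/")."""
    if not path.startswith("/"):
        raise ValueError("file names must be absolute")
    if path in table:
        return table[path]
    directory = path.rstrip("/")
    while directory:
        directory = directory[: directory.rfind("/")]  # drop the last component
        if directory + "/" in table:
            return table[directory + "/"]
    return ""  # no entry applies: no rights (assumption)


def rights(perm, uid, groups):
    """Bits granted to uid by a string like "gedeon:rwc $wizard:rw $player:r".
    groups is the set of group names (with the leading $) that uid belongs to."""
    bits = 0
    for special, bit in SPECIAL.items():  # the three exceptions hold for any file
        if special in groups:
            bits |= bit
    for pair in perm.split():
        who, _, tags = pair.partition(":")
        # uid pairs come first, so an explicit uid entry wins (assumption);
        # among groups, only the first one the uid belongs to counts.
        if who == uid or (who.startswith("$") and who in groups):
            for tag in tags:
                bits |= TAGS[tag]
            break
    return bits


if __name__ == "__main__":
    frege = {"$wizard", "$player"}
    for perm in ("gedeon:rwc $wizard:rw $player:r", "gedeon:rwc $player:r $wizard:wr"):
        print(perm, "->", rights(perm, "frege", frege))  # 3, then 1
    for path in ("/qux.c", "/foo", "/foo/qux.c", "/foo/bar.c", "/baz/qux.c"):
        print(path, "->", lookup(TABLE, path))
```
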
The following efuns and applies work with file security:

int valid_read(string file, mixed uid, string s)
Use readp() instead. Argument uid can be a UID or an object. If it is an object, then that object's EUID is used. Argument s is ignored, but must be present for backward compatibility. Argument file is an absolute file name. The function returns 1 if uid has the permission to read file.

int valid_write(string file, mixed uid, string s)
Use writep() instead. Argument uid can be a UID or an object. If it is an object, then that object's EUID is used. Argument s is ignored, but must be present for backward compatibility. Argument file is an absolute file name. The function returns 1 if uid has the permission to write file.

int readp(string file, mixed uid)
Argument uid can be a UID or an object. If it is an object, then that object's EUID is used. Argument file is an absolute file name. The function returns 1 if uid has the permission to read file.

int writep(string file, mixed uid)
Argument uid can be a UID or an object. If it is an object, then that object's EUID is used. Argument file is an absolute file name. The function returns 1 if uid has the permission to write file.

int change_perm_p(string file, mixed uid)
Argument uid can be a UID or an object. If it is an object, then that object's EUID is used. Argument file is an absolute file name. The function returns 1 if uid has the permission to change permissions of file.

int get_perm(string file, mixed uid)
Argument uid can be a UID or an object. If it is an object, then that object's EUID is used. Argument file is an absolute file name. The return value describes the file permissions of file for uid, and it is a bitwise OR of constants PERM_READ, PERM_WRITE and PERM_CHANGE. These constants are defined in the file /include/file.h, which can be included with #include <file.h>.

int set_perm(string file, list *perm)
Sets the permissions of file to perm. The function returns 1 on success, and 0 otherwise. It may fail because file does not exist, or because the object that called the function does not have the permission to change permissions of file.
Argument perm is a list of pairs of the form ({ "uid", perm_bits }), or ({ "$group", perm_bits }), where perm_bits describes the new permission, and is a bitwise OR of constants PERM_READ, PERM_WRITE and PERM_CHANGE. These constants are defined in the file /include/file.h, which can be included with #include <file.h>.