Like Tree1Likes
  • 1 Post By ledow

File opening

This is a discussion on File opening within the Linux Programming forums, part of the Platform Specific Boards category; Code: CreateFile("C:\quux\bar.foo", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); Creates ( or opens an existing ) file to read ...

  1. #1
    A source of questions... Benji Wiebe's Avatar
    Join Date
    Mar 2011
    Location
    Durham, Kansas
    Posts
    69

    File opening

    Code:
    CreateFile("C:\\quux\\bar.foo", GENERIC_READ | GENERIC_WRITE, 
            FILE_SHARE_READ, NULL, OPEN_ALWAYS, 
            FILE_ATTRIBUTE_NORMAL, NULL);
    Creates ( or opens an existing ) file to read and write, and lets other applications read the file, but not write to it. Now...
    Is there a way to do this in Linux??
    Ever notice how fast Windows runs?
    Neither did I.
    Which is why I switched to Linux.

  2. #2
    and the hat of wrongness Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    32,672
    You could try the locking sections of -> fcntl(2): change file descriptor - Linux man page
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
    I support http://www.ukip.org/ as the first necessary step to a free Europe.

  3. #3
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Changing the file descriptor won't prevent other processes from accessing the file if they have the correct permissions. Which you should look at man chmod if you aren't aware of how linux file permissions work.

    So one way to do this would be to create a new user specifically for your application, and set the files it creates 644 (the default), which allows the owner to read and write, and others just to read. For a normal (non root) user, that is your perspective on most of the system.

    Linux also has "advisory" file locks you can apply (they are mentioned in the man page Salem linked above). The idea is that other processes should first check to make sure a file is not locked before accessing it. However, the locks are not enforcable -- if you don't check or don't care, the lock can be ignored.

    SELinux, which is standard on fedora and optional elsewhere, has more specific ways of enforcing rules than basic permissions, but it is slightly arcane.
    Last edited by MK27; 12-10-2011 at 05:55 AM.
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  4. #4
    A source of questions... Benji Wiebe's Avatar
    Join Date
    Mar 2011
    Location
    Durham, Kansas
    Posts
    69
    Quote Originally Posted by MK27 View Post
    Changing the file descriptor won't prevent other processes from accessing the file if they have the correct permissions. Which you should look at man chmod if you aren't aware of how linux file permissions work.

    So one way to do this would be to create a new user specifically for your application, and set the files it creates 644 (the default), which allows the owner to read and write, and others just to read. For a normal (non root) user, that is your perspective on most of the system.

    Linux also has "advisory" file locks you can apply (they are mentioned in the man page Salem linked above). The idea is that other processes should first check to make sure a file is not locked before accessing it. However, the locks are not enforcable -- if you don't check or don't care, the lock can be ignored.

    SELinux, which is standard on fedora and optional elsewhere, has more specific ways of enforcing rules than basic permissions, but it is slightly arcane.
    Is there a somewhat simple way to create a new user from within a program running with root privileges?
    Ever notice how fast Windows runs?
    Neither did I.
    Which is why I switched to Linux.

  5. #5
    Registered User manasij7479's Avatar
    Join Date
    Feb 2011
    Location
    Kolkata@India
    Posts
    2,498
    Quote Originally Posted by Benji Wiebe View Post
    Is there a somewhat simple way to create a new user from within a program running with root privileges?
    Execute "useradd new_user_name" .
    Manasij Mukherjee | gcc-4.8.2 @Arch Linux
    Slow and Steady wins the race... if and only if :
    1.None of the other participants are fast and steady.
    2.The fast and unsteady suddenly falls asleep while running !



  6. #6
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by Benji Wiebe View Post
    Is there a somewhat simple way to create a new user from within a program running with root privileges?
    I suppose, but it doesn't seem like a good idea to me. The concept with users and privileges is that they are relatively permanent. Creating a new user temporarily will not get you around any of the limitations mentioned in the rest of this post.

    Let's say you have an application that you want to run that creates and edits files that other users are only allowed to see, not change. So you create a new user manually, and then the program would change its user id when it runs, qv.

    Setting User ID - The GNU C Library

    Nb, you generally cannot do this if you start the program as a normal user, it would have to be started root. After that, it is somewhat defanged (because it is not root), but it is running as a unique user, meaning it can create files with permissions set as previously described. A lot of linux daemons work this way. You can create users who do not have login privileges, so no one can log in as them -- their account can only be accessed by root using "su", or a root process using setuid().

    I am sure it is not possible to have a program that you start as a normal user that can then do something such that it could create files that you could not also read and write outside of the program, if that is want you want. Also, you cannot lock root out of anything.

    Maybe you should describe more specifically what it is you want to do and why, and someone can provide some better suggestions.
    Last edited by MK27; 12-10-2011 at 01:29 PM.
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  7. #7
    Captain Crash brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,249
    I kind of like the "temp user" idea, even though it's a bit unconventional. Not only is it sandboxed against the rest of the system, it has an unguessable UID and username, has no password, and exists only momentarily. Most systems have a "nobody" account which is supposed to be the least privileged on the system, the problem is there's only one of them so if more than one daemon or application wants something like that they need to beg root to make an account for it. If you could make some unprivileged call (any process can do it) which creates (and switches to) an anonymous user guaranteed to be different from any other user on the system, I can think of a lot of good uses for that.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

  8. #8
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by brewbuck View Post
    I kind of like the "temp user" idea, even though it's a bit unconventional. Not only is it sandboxed against the rest of the system, it has an unguessable UID and username,
    No,

    1) the UID and username would be in /etc/passwd (even if there is no passwd), at least until you delete the user. Then...
    2) since the OP states that the file is okay for others to read, all they have to do is run stat to get the "unguessable" UID of the file or process. Process and file UID's are not hidden from anyone, regardless of how unique or temporary they are.

    If the file were supposed to be hidden, using a unique user would be worse than pointless, because all of a sudden your needle in a haystack has a big "Where's Waldo?" hat on it. It would be good to chown the file to something other than the process id, but not an unusual one, because when someone catches up with that game, they will know exactly what to look for (files with unusual uid's).

    If you could make some unprivileged call (any process can do it) which creates (and switches to) an anonymous user guaranteed to be different from any other user on the system, I can think of a lot of good uses for that.
    Maybe, but in this context I don't see how it would be useful.
    Last edited by MK27; 12-13-2011 at 02:35 PM.
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  9. #9
    Registered User ledow's Avatar
    Join Date
    Dec 2011
    Posts
    435
    I don't know what you're doing but if you were to try to create new users on any Linux system I used, I'd throw your program in the bin. That's the sort of thing you leave to a sysadmin during an installation process and not just have your program doing. Stopping other applications accessing the file is a bit outside the scope of the chmod attributes on Linux. It doesn't work on applications, only users, and users can run as many applications as they like and the applications can all do what they like (unless you're using SELinux or ACL's) as that user.

    Why would you want to prevent other applications from accessing that file? The only "clean" solution is to add a user for that particular program and run exclusively as that user, then you can do what you like so long as there are no other applications running as that user (which there can easily be, but nobody would bother). Why specifically must other applications be unable to write to that file, outside of normal file locking semantics?
    MK27 likes this.

    - Compiler warnings are like "Bridge Out Ahead" warnings. DON'T just ignore them.
    - A compiler error is something SO stupid that the compiler genuinely can't carry on with its job. A compiler warning is the compiler saying "Well, that's bloody stupid but if you WANT to ignore me..." and carrying on.
    - The best debugging tool in the world is a bunch of printf()'s for everything important around the bits you think might be wrong.

  10. #10
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by ledow View Post
    I don't know what you're doing but if you were to try to create new users on any Linux system I used, I'd throw your program in the bin.
    /usr/bin or bin bin?

    I agree with ledow. I think the best bet here is the traditional one: create a new permanent user only for that program, start the program as root, then setuid to the special user (or, su to the special user, then start the program; you may want to look at the nohup command if you do that).
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  11. #11
    A source of questions... Benji Wiebe's Avatar
    Join Date
    Mar 2011
    Location
    Durham, Kansas
    Posts
    69
    Quote Originally Posted by ledow View Post
    ...Why would you want to prevent other applications from accessing that file?...
    How about a "good" white-list web filter that has a list of domains that no-one can go and edit any time they feel like it?
    Ever notice how fast Windows runs?
    Neither did I.
    Which is why I switched to Linux.

  12. #12
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by Benji Wiebe View Post
    How about a "good" white-list web filter that has a list of domains that no-one can go and edit any time they feel like it?
    This is why you have a system of users and permissions. An application may be bound by the contents of a file it can read (such as a white-list) but cannot modify/write. That way, it can be run by a user with insufficient privileges to create or change the white-list.
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Replies: 6
    Last Post: 11-29-2011, 11:49 PM
  2. File opening
    By cnewbie1 in forum C Programming
    Replies: 2
    Last Post: 12-28-2010, 07:16 AM
  3. opening a zip file
    By smooth in forum Windows Programming
    Replies: 1
    Last Post: 12-16-2008, 04:01 AM
  4. file opening
    By pinkpenguin in forum C Programming
    Replies: 1
    Last Post: 11-28-2005, 09:56 PM
  5. opening a file in DOS
    By alanair23 in forum A Brief History of Cprogramming.com
    Replies: 10
    Last Post: 12-19-2002, 08:02 PM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21