Source code to modify access permissions

[Goutham_Linux]

Hello friends,

Can anyone tell me where can I find the file in the source code which deals with checking the access permissions of any file?
I am intending to fine grain the checks for my own application. But I couldn't figure where exactly the file exists in the source tree?

Kindly guide
--Goutham

[Spider7]

Can you clarify what command you want to find the source for or you just want a generic way of finding out the permission of a file? if it's latter, do "man 2 stat".

[Goutham_Linux]

Thanx for the response...

I need to change the code where the kernel checks the permissions of the invoker over a resource. What I mean is.. Suppose a file has permissions something like this: "-rwx------". Only the owner has got the access for the file. Suppose any other user tries to access this file. The permission gets denied. Which source file contains these checks?.. My present need is I need to change the basic permission set to work in a different way.

--Goutham

[matonb]

Goutham_Linux you need to tell us what your trying to achieve.

The file permissions system has worked fine for decades, what's so special in your case?

[Spider7]

Matonb has a good point, maybe you can state what you want to achieve, and chances are, someone has already created a way of addressing it.

Regardless, I haven't searched where it's checked, but would check sys call open, which will likely lead you to the device driver open code.

[Goutham_Linux]

Thanks mates !

I think I should check the system call for open probably...
My intension is nothing new.. Trying to implement "capabilities"

--Goutham.

[Rubberman]

Can anyone tell me where can I find the file in the source code which deals with checking the access permissions of any file?
I am intending to fine grain the checks for my own application. But I couldn't figure where exactly the file exists in the source tree?

Linux and Unix basic file system permissions (assuming that you have not enabled ACLs which is an entirely different kettle of fish) are bit fields, and the low-level kernel code is likely buried deep in the file system interface. Since they are bit fields, the code to validate are simple bit comparisons that come up set or unset (true or false). There are owner, group, and others permissions (fields), with single bits in each field for read, write, and execute permission. Pseudo code for this could be something like:
if user.id == file.owner & file.owner.perms & access_type
or user.group == file.group & file.group.perms & access_type
or file.other.perms & access_type
then return OK
else return NOT-OK.

These bit fields are accessible to user-space programs, so you can validate the access before you actually make the system call to open the file for whatever access type is specified. You need to read the clib API docs related to file system access in detail. If you are not a C programmer, then you have another problem. This type of coding requires understanding of the C language and how to compare and manipulate bit fields in boolean operations.