On 11/03/2022 10:42, Ulrich Windl wrote:
I noticed that "test -r file" returns success when called as root for a file with these permissions: "--w-------" (see also https://stackoverflow.com/q/71435657/6607497)The documentation simply states: ‘-r FILE’ True if FILE exists and read permission is granted. Doing an strace it seems stat() is used to check the permissions (well, what about ACLs, just in case?) I think there should be a better explanatiomn how the permission tests work, especially when called as "root". (Report based on coreutils-8.32-150300.3.5.1 from openSUSE Leap 15.3)
I agree the current docs are ambiguous. I'll apply the attached later to address this. thanks, Pádraig
From 8d4a616d5abe8bcd8a1760654a8f23b08cba92f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A1draig=20Brady?= <p...@draigbrady.com> Date: Fri, 11 Mar 2022 12:47:05 +0000 Subject: [PATCH] doc: test: clarify that -rwx don't just check perm bits * src/test.c (usage): State that -rwx is determined by user access, rather than permission bits. * doc/coreutils.texi (Access permission tests): Likewise. * man/test.x [SEE ALSO]: access(2). Fixes https://bugs.gnu.org/54338 --- doc/coreutils.texi | 6 +++--- man/test.x | 2 ++ src/test.c | 6 +++--- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/doc/coreutils.texi b/doc/coreutils.texi index 05dc5ee21..c9243c683 100644 --- a/doc/coreutils.texi +++ b/doc/coreutils.texi @@ -13451,7 +13451,7 @@ True if @var{file} exists and has its @dfn{sticky} bit set. @item -r @var{file} @opindex -r @cindex readable file check -True if @var{file} exists and read permission is granted. +True if @var{file} exists and the user has read access. @item -u @var{file} @opindex -u @@ -13461,12 +13461,12 @@ True if @var{file} exists and has its set-user-ID bit set. @item -w @var{file} @opindex -w @cindex writable file check -True if @var{file} exists and write permission is granted. +True if @var{file} exists and the user has write access. @item -x @var{file} @opindex -x @cindex executable file check -True if @var{file} exists and execute permission is granted +True if @var{file} exists and the user has execute access (or search permission, if it is a directory). @item -O @var{file} diff --git a/man/test.x b/man/test.x index 0adc35fee..61a2d0a2f 100644 --- a/man/test.x +++ b/man/test.x @@ -17,3 +17,5 @@ test \- check file types and compare values .I OPTION [DESCRIPTION] .\" Add any additional description here +[SEE ALSO] +access(2) diff --git a/src/test.c b/src/test.c index 6daad3b34..cea7dc10d 100644 --- a/src/test.c +++ b/src/test.c @@ -750,15 +750,15 @@ EXPRESSION is true or false and sets exit status. It is one of:\n\ -N FILE FILE exists and has been modified since it was last read\n\ -O FILE FILE exists and is owned by the effective user ID\n\ -p FILE FILE exists and is a named pipe\n\ - -r FILE FILE exists and read permission is granted\n\ + -r FILE FILE exists and the user has read access\n\ -s FILE FILE exists and has a size greater than zero\n\ "), stdout); fputs (_("\ -S FILE FILE exists and is a socket\n\ -t FD file descriptor FD is opened on a terminal\n\ -u FILE FILE exists and its set-user-ID bit is set\n\ - -w FILE FILE exists and write permission is granted\n\ - -x FILE FILE exists and execute (or search) permission is granted\n\ + -w FILE FILE exists and the user has write access\n\ + -x FILE FILE exists and the user has execute (or search) access\n\ "), stdout); fputs (_("\ \n\ -- 2.26.2
