Home > Software design >  Can std::filesystem::permissions change secure file permissions
Can std::filesystem::permissions change secure file permissions

Time:02-15

I have been experimenting, with the std::filesystem and I came across the permissions function, which allows you to change the access permissions that users have to files. This seems almost like it could be a bad thing though because anyone can run a program and gain access to files that they shouldn't. Is this how it works? Can any program access any file and change its permissions. Or can the program only change permissions of files that it 'owns'?

CodePudding user response:

The operating system kernel is responsible for enforcing access control, and such enforcement applies to all programs, regardless of what APIs they use. On a Unix-like operating system, a process can only change file permissions if:

  • the process's effective user ID matches the file's owner, or
  • the process has the CAP_FOWNER capability (which is normally only held by root).

As such, when you compile and run a program that uses std::filesystem::permissions, it is subject to the above restrictions and will not be able to mess with the permissions of other users' files willy-nilly. A call to std::filesystem::permissions that attempts to violate the above restrictions will not succeed, and (hopefully) will report an error as described here.

  • Related