@ page 360,361 line 12734-12768 section sys/stat.h objection [gwc stat modebits]
Problem:
Defect code : 2. Omission
The first POSIX standard in 1988 introduced the symbols S_IRUSR etc.
in the expectation that some implementors might choose to use
different encodings than the traditional ones for the permission
bits in mode_t. I would be very surprised if any implementor has
actually done so, and the traditional permissions encoding is widely
assumed not only in old code but in new code as well.
The number of matches reported by the Google codesearch tool gives a
rough idea of the relative frequency of some typical uses of numeric
permissions and symbolic permissions in open source code:
    O_CREAT.*(0600|0666|0700|0777)        20,500
    \Wcreat\W.*(0600|0666|0700|0777)      10,700
    \Wmkdir\W.*(0700|0777)                25,100
    O_CREAT.*(S_IRUSR|S_IRWXU)             6,000
    \Wcreat\W.*(S_IRUSR|S_IRWXU)             400
    \Wmkdir\W.*(S_IRUSR|S_IRWXU)           7,000
The numbers speak for themselves.
It is time to stop perpetuating the myth that implementors can choose
a different permissions encoding. No workable implementation could do
that, as it would break too much existing code (unless the implementor
doesn't care about portability of real-world code and only wants POSIX
conformance in order to tick a box, but we should not give any
consideration to such implementors).
POSIX should standardise the encoding, allowing application writers to
use 0666 in their code without the fear that it might one day not be
portable to some Weirdnix system, rather than continuing to force
conscientious application writers to use the more cumbersome
(S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH).
Another issue with these symbols, which would be worth addressing at
the same time, is that applications frequently use them in the third
argument to open() without including a (mode_t) cast. The standard
should require the symbols to be defined with an appropriate type to
ensure this usage is portable.
Action:
Replace lines 12734-12735 with:
"The <sys/stat.h> header shall define the following symbolic
constants for the file types encoded in type mode_t."
Replace lines 12744-12768 with:
"The <sys/stat.h> header shall define the following symbolic
constants for the file permission bits encoded in type mode_t,
with the indicated values. These macros shall expand to an
expression which has a type that allows them to be used, either
singly or ORed together, as the third argument to open() without
the need for a (mode_t) cast.
Name          Value   Description
S_IRWXU       0700    Read, write, execute/search by owner.
S_IRUSR       0400    Read permission, owner.
S_IWUSR       0200    Write permission, owner.
S_IXUSR       0100    Execute/search permission, owner.
S_IRWXG       070     Read, write, execute/search by group.
S_IRGRP       040     Read permission, group.
S_IWGRP       020     Write permission, group.
S_IXGRP       010     Execute/search permission, group.
S_IRWXO       07      Read, write, execute/search by others.
S_IROTH       04      Read permission, others.
S_IWOTH       02      Write permission, others.
S_IXOTH       01      Execute/search permission, others.
S_ISUID       04000   Set-user-ID on execution.
S_ISGID       02000   Set-group-ID on execution.
[XSI] S_ISVTX 01000   On directories, restricted deletion flag. [/XSI]"
Append to RATIONALE, page 363 line 12830:
"The original version of this standard did not specify values for
the file permission bit macros. The expectation was that some
implementors might choose to use a different encoding for these
bits than the traditional one, and that new applications would
use symbolic permissions instead of numeric. This version of the
standard specifies the traditional encoding, in recognition that
nearly 20 years later numeric permissions were still in widespread
use by application writers, and that all conforming implementations
still used the traditional encoding."
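
The following C program is an added example, not part of the defect report. It checks a build platform against the table proposed above and confirms that uncast symbols and the literal 0600 give the same permission bits when passed as the third argument to open(). The function names and the scratch path under /tmp are assumptions made for the example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define B(sym, val) { #sym, sym, val }  /* name, platform value, value in the proposed table */

/* Number of <sys/stat.h> symbols whose platform value differs from the proposed table. */
int count_mismatches(void)
{
    const struct { const char *name; unsigned long got, want; } bits[] = {
        B(S_IRWXU, 0700), B(S_IRUSR, 0400), B(S_IWUSR, 0200), B(S_IXUSR, 0100),
        B(S_IRWXG, 070),  B(S_IRGRP, 040),  B(S_IWGRP, 020),  B(S_IXGRP, 010),
        B(S_IRWXO, 07),   B(S_IROTH, 04),   B(S_IWOTH, 02),   B(S_IXOTH, 01),
        B(S_ISUID, 04000), B(S_ISGID, 02000),   /* S_ISVTX left out: XSI only */
    };
    int bad = 0;
    for (size_t i = 0; i < sizeof bits / sizeof bits[0]; i++)
        if (bits[i].got != bits[i].want) {
            printf("%s is %lo, table says %lo\n", bits[i].name, bits[i].got, bits[i].want);
            bad++;
        }
    return bad;
}

/* Permission bits of a file created with uncast symbols or with literal 0600; -1 on error. */
int created_mode(int use_symbols)
{
    char path[64];                      /* constructed scratch path */
    struct stat st;
    int fd, result = -1;
    snprintf(path, sizeof path, "/tmp/modebits-%ld", (long)getpid());
    mode_t old = umask(0);              /* apply the requested mode unmasked */
    fd = use_symbols ? open(path, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR)
                     : open(path, O_CREAT | O_EXCL | O_WRONLY, 0600);
    umask(old);
    if (fd < 0)                         /* O_EXCL refuses a name that already exists */
        return -1;
    if (fstat(fd, &st) == 0)
        result = (int)(st.st_mode & 07777);
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    printf("symbols: %o, numeric: %o\n", (unsigned)created_mode(1), (unsigned)created_mode(0));
    return count_mismatches() != 0;
}
```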