logo

oasis-root

Compiled tree of Oasis Linux based on own branch at <https://hacktivis.me/git/oasis/> git clone https://anongit.hacktivis.me/git/oasis-root.git

access.3p (11534B)

    

  1. '\" et
  2. .TH ACCESS "3P" 2017 "IEEE/The Open Group" "POSIX Programmer's Manual"
  3. .\"
  4. .SH PROLOG
  5. This manual page is part of the POSIX Programmer's Manual.
  6. The Linux implementation of this interface may differ (consult
  7. the corresponding Linux manual page for details of Linux behavior),
  8. or the interface may not be implemented on Linux.
  9. .\"
  10. .SH NAME
  11. access, faccessat
  12. \(em determine accessibility of a file
  13. descriptor
  14. .SH SYNOPSIS
  15. .LP
  16. .nf
  17. #include <unistd.h>
  18. .P
  19. int access(const char *\fIpath\fP, int \fIamode\fP);
  20. .P
  21. #include <fcntl.h>
  22. .P
  23. int faccessat(int \fIfd\fP, const char *\fIpath\fP, int \fIamode\fP, int \fIflag\fP);
  24. .fi
  25. .SH DESCRIPTION
  26. The
  27. \fIaccess\fR()
  28. function shall check the file named by the pathname pointed to by the
  29. .IR path
  30. argument for accessibility according to the bit pattern contained in
  31. .IR amode .
  32. The checks for accessibility (including directory permissions
  33. checked during pathname resolution) shall be performed using the
  34. real user ID in place of the effective user ID and the real group
  35. ID in place of the effective group ID.
  36. .P
  37. The value of
  38. .IR amode
  39. is either the bitwise-inclusive OR of the access permissions to be
  40. checked (R_OK, W_OK, X_OK) or the existence test (F_OK).
  41. .P
  42. If any access permissions are checked, each shall be checked
  43. individually, as described in the Base Definitions volume of POSIX.1\(hy2017,
  44. .IR "Section 4.5" ", " "File Access Permissions",
  45. except that where that description refers to execute permission for
  46. a process with appropriate privileges, an implementation may indicate
  47. success for X_OK even if execute permission is not granted to any user.
  48. .P
  49. The
  50. \fIfaccessat\fR()
  51. function, when called with a
  52. .IR flag
  53. value of zero, shall be equivalent to the
  54. \fIaccess\fR()
  55. function, except in the case where
  56. .IR path
  57. specifies a relative path. In this case the file whose accessibility is
  58. to be determined shall be located relative to the directory associated
  59. with the file descriptor
  60. .IR fd
  61. instead of the current working directory.
  62. If the access mode of the open file description associated with
  63. the file descriptor is not O_SEARCH, the function shall check
  64. whether directory searches are permitted using the current
  65. permissions of the directory underlying the file descriptor.
  66. If the access mode is O_SEARCH, the function shall not perform the check.
  67. .P
  68. If
  69. \fIfaccessat\fR()
  70. is passed the special value AT_FDCWD in the
  71. .IR fd
  72. parameter, the current working directory shall be used and, if flag is
  73. zero, the behavior shall be identical to a call to
  74. \fIaccess\fR().
  75. .P
  76. Values for
  77. .IR flag
  78. are constructed by a bitwise-inclusive OR of flags from the following
  79. list, defined in
  80. .IR <fcntl.h> :
  81. .IP AT_EACCESS 12
  82. The checks for accessibility (including directory permissions
  83. checked during pathname resolution) shall be performed using the
  84. effective user ID and group ID instead of the real user ID and group ID
  85. as required in a call to
  86. \fIaccess\fR().
  87. .SH "RETURN VALUE"
  88. Upon successful completion, these functions shall return 0. Otherwise,
  89. these functions shall return \-1 and set
  90. .IR errno
  91. to indicate the error.
  92. .SH ERRORS
  93. These functions shall fail if:
  94. .TP
  95. .BR EACCES
  96. Permission bits of the file mode do not permit the requested access, or
  97. search permission is denied on a component of the path prefix.
  98. .TP
  99. .BR ELOOP
  100. A loop exists in symbolic links encountered during resolution of the
  101. .IR path
  102. argument.
  103. .TP
  104. .BR ENAMETOOLONG
  105. .br
  106. The length of a component of a pathname is longer than
  107. {NAME_MAX}.
  108. .TP
  109. .BR ENOENT
  110. A component of
  111. .IR path
  112. does not name an existing file or
  113. .IR path
  114. is an empty string.
  115. .TP
  116. .BR ENOTDIR
  117. A component of the path prefix names an existing file that is neither
  118. a directory nor a symbolic link to a directory, or the
  119. .IR path
  120. argument contains at least one non-\c
  121. <slash>
  122. character and ends with one or more trailing
  123. <slash>
  124. characters and the last pathname component names an existing file
  125. that is neither a directory nor a symbolic link to a directory.
  126. .TP
  127. .BR EROFS
  128. Write access is requested for a file on a read-only file system.
  129. .P
  130. The
  131. \fIfaccessat\fR()
  132. function shall fail if:
  133. .TP
  134. .BR EACCES
  135. The access mode of the open file description associated with
  136. .IR fd
  137. is not O_SEARCH and the permissions of the directory underlying
  138. .IR fd
  139. do not permit directory searches.
  140. .TP
  141. .BR EBADF
  142. The
  143. .IR path
  144. argument does not specify an absolute path and the
  145. .IR fd
  146. argument is neither AT_FDCWD nor a valid file descriptor open
  147. for reading or searching.
  148. .TP
  149. .BR ENOTDIR
  150. The
  151. .IR path
  152. argument is not an absolute path and
  153. .IR fd
  154. is a file descriptor associated with a non-directory file.
  155. .P
  156. These functions may fail if:
  157. .TP
  158. .BR EINVAL
  159. The value of the \fIamode\fP argument is invalid.
  160. .TP
  161. .BR ELOOP
  162. More than
  163. {SYMLOOP_MAX}
  164. symbolic links were encountered during resolution of the
  165. .IR path
  166. argument.
  167. .TP
  168. .BR ENAMETOOLONG
  169. .br
  170. The length of a pathname exceeds
  171. {PATH_MAX},
  172. or pathname resolution of a symbolic link produced an intermediate
  173. result with a length that exceeds
  174. {PATH_MAX}.
  175. .TP
  176. .BR ETXTBSY
  177. Write access is requested for a pure procedure (shared text) file that
  178. is being executed.
  179. .P
  180. The
  181. \fIfaccessat\fR()
  182. function may fail if:
  183. .TP
  184. .BR EINVAL
  185. The value of the
  186. .IR flag
  187. argument is not valid.
  188. .LP
  189. .IR "The following sections are informative."
  190. .SH EXAMPLES
  191. .SS "Testing for the Existence of a File"
  192. .P
  193. The following example tests whether a file named
  194. .BR myfile
  195. exists in the
  196. .BR /tmp
  197. directory.
  198. .sp
  199. .RS 4
  200. .nf
  202. #include <unistd.h>
  203. \&...
  204. int result;
  205. const char *pathname = "/tmp/myfile";
  206. .P
  207. result = access (pathname, F_OK);
  208. .fi
  209. .P
  210. .RE
  211. .SH "APPLICATION USAGE"
  212. Use of these functions is discouraged since by the time the
  213. returned information is acted upon, it is out-of-date. (That is,
  214. acting upon the information always leads to a time-of-check-to-time-of-use
  215. race condition.) An application should instead attempt the action
  216. itself and handle the
  217. .BR [EACCES] 
  218. error that occurs if the file is not accessible (with a change of
  219. effective user and group IDs beforehand, and perhaps a change back
  220. afterwards, in the case where
  221. \fIaccess\fR()
  222. or
  223. \fIfaccessat\fR()
  224. without AT_EACCES would have been used.)
  225. .P
  226. Historically, one of the uses of
  227. \fIaccess\fR()
  228. was in set-user-ID root programs to check whether the user running
  229. the program had access to a file. This relied on ``super-user''
  230. privileges which were granted based on the effective user ID being
  231. zero, so that when
  232. \fIaccess\fR()
  233. used the real user ID to check accessibility those privileges
  234. were not taken into account. On newer systems where privileges
  235. can be assigned which have no association with user or group IDs,
  236. if a program with such privileges calls
  237. \fIaccess\fR(),
  238. the change of IDs has no effect on the privileges and therefore
  239. they are taken into account in the accessibility checks. Thus,
  240. \fIaccess\fR()
  241. (and
  242. \fIfaccessat\fR()
  243. with flag zero) cannot be used for this historical purpose in
  244. such programs. Likewise, if a system provides any additional or
  245. alternate file access control mechanisms that are not user ID-based,
  246. they will still be taken into account.
  247. .P
  248. If a relative pathname is used, no account is taken of whether
  249. the current directory (or the directory associated with the
  250. file descriptor
  251. .IR fd )
  252. is accessible via any absolute pathname. Applications using
  253. \fIaccess\fR(),
  254. or
  255. \fIfaccessat\fR()
  256. without AT_EACCES, may consequently act as if the file would be
  257. accessible to a user with the real user ID and group ID of the
  258. process when such a user would not in practice be able to access the file
  259. because access would be denied at some point above the current directory
  260. (or the directory associated with the file descriptor
  261. .IR fd )
  262. in the file hierarchy.
  263. .P
  264. If
  265. \fIaccess\fR()
  266. or
  267. \fIfaccessat\fR()
  268. is used with W_OK to check for write access to a directory which has
  269. the S_ISVTX bit set, a return value indicating the directory is
  270. writable can be misleading since some operations on files in the
  271. directory would not be permitted based on the ownership of those files
  272. (see the Base Definitions volume of POSIX.1\(hy2017,
  273. .IR "Section 4.3" ", " "Directory Protection").
  274. .P
  275. Additional values of
  276. .IR amode
  277. other than the set defined in the description may be valid; for
  278. example, if a system has extended access controls.
  279. .P
  280. The use of the AT_EACCESS value for
  281. .IR flag
  282. enables functionality not available in
  283. \fIaccess\fR().
  284. .SH RATIONALE
  285. In early proposals, some inadequacies in the
  286. \fIaccess\fR()
  287. function led to the creation of an
  288. \fIeaccess\fR()
  289. function because:
  290. .IP " 1." 4
  291. Historical implementations of
  292. \fIaccess\fR()
  293. do not test file access correctly when the process'
  294. real user ID is
  295. superuser. In particular, they always return zero when testing execute
  296. permissions without regard to whether the file is executable.
  297. .IP " 2." 4
  298. The superuser has complete access to all files on a system. As a
  299. consequence, programs started by the superuser and switched to the
  300. effective user ID
  301. with lesser privileges cannot use
  302. \fIaccess\fR()
  303. to test their file access permissions.
  304. .P
  305. However, the historical model of
  306. \fIeaccess\fR()
  307. does not resolve problem (1), so this volume of POSIX.1\(hy2017 now allows
  308. \fIaccess\fR()
  309. to behave in the desired way because several implementations have
  310. corrected the problem. It was also argued that problem (2) is more
  311. easily solved by using
  312. \fIopen\fR(),
  313. \fIchdir\fR(),
  314. or one of the
  315. .IR exec
  316. functions as appropriate and responding to the error, rather than
  317. creating a new function that would not be as reliable. Therefore,
  318. \fIeaccess\fR()
  319. is not included in this volume of POSIX.1\(hy2017.
  320. .P
  321. The sentence concerning appropriate privileges and execute permission
  322. bits
  323. reflects the two possibilities implemented by historical
  324. implementations when checking superuser access for X_OK.
  325. .P
  326. New implementations are discouraged from returning X_OK unless at least
  327. one execution permission bit is set.
  328. .P
  329. The purpose of the
  330. \fIfaccessat\fR()
  331. function is to enable the checking of the accessibility of files in
  332. directories other than the current working directory without exposure
  333. to race conditions. Any part of the path of a file could be changed in
  334. parallel to a call to
  335. \fIaccess\fR(),
  336. resulting in unspecified behavior. By opening a file descriptor for
  337. the target directory and using the
  338. \fIfaccessat\fR()
  339. function it can be guaranteed that the file tested for accessibility is
  340. located relative to the desired directory.
  341. .SH "FUTURE DIRECTIONS"
  342. These functions may be formally deprecated (for example, by shading
  343. them OB) in a future version of this standard.
  344. .SH "SEE ALSO"
  345. .IR "\fIchmod\fR\^(\|)",
  346. .IR "\fIfstatat\fR\^(\|)"
  347. .P
  348. The Base Definitions volume of POSIX.1\(hy2017,
  349. .IR "Section 4.5" ", " "File Access Permissions",
  350. .IR "\fB<fcntl.h>\fP",
  351. .IR "\fB<unistd.h>\fP"
  352. .\"
  353. .SH COPYRIGHT
  354. Portions of this text are reprinted and reproduced in electronic form
  355. from IEEE Std 1003.1-2017, Standard for Information Technology
  356. -- Portable Operating System Interface (POSIX), The Open Group Base
  357. Specifications Issue 7, 2018 Edition,
  358. Copyright (C) 2018 by the Institute of
  359. Electrical and Electronics Engineers, Inc and The Open Group.
  360. In the event of any discrepancy between this version and the original IEEE and
  361. The Open Group Standard, the original IEEE and The Open Group Standard
  362. is the referee document. The original Standard can be obtained online at
  363. http://www.opengroup.org/unix/online.html .
  364. .PP
  365. Any typographical or formatting errors that appear
  366. in this page are most likely
  367. to have been introduced during the conversion of the source files to
  368. man page format. To report such errors, see
  369. https://www.kernel.org/doc/man-pages/reporting_bugs.html .