— check access permissions of a
file or pathname
char *path, int
fd, const char
*path, int amode,
function checks the accessibility of the file named by
path for the access permissions indicated by
amode. The amode argument is
either the bitwise OR of one or more of the access permissions to be checked
R_OK for read permission,
W_OK for write permission, and
X_OK for execute/search permission) or the existence
F_OK. All components of the pathname
path are checked for access permissions (including
The real user ID is used in place of the effective user ID and the real group access list (including the real group ID) is used in place of the effective ID for verifying permission.
If the invoking process has superuser privileges,
will always indicate success for
W_OK, regardless of the actual file permission bits.
X_OK, if the file has any of the
execute bits set and path is not a directory,
access() will indicate success.
function is equivalent to
access() except that where
path specifies a relative path, the file whose
accessibility is checked is determined relative to the directory associated
with file descriptor fd instead of the current working
is passed the special value
AT_FDCWD (defined in
<fcntl.h>) in the
fd parameter, the current working directory is used.
If flag is also zero, the behavior is identical to a
The flag argument is the bitwise OR of zero or more of the following values:
- The checks for accessibility are performed using the effective user and group IDs instead of the real user and group IDs.
If path cannot be found or if any of the desired access modes would not be granted, then a -1 value is returned; otherwise a 0 value is returned.
Access to the file is denied if:
- A component of the path prefix is not a directory.
- A component of a pathname exceeded
NAME_MAXcharacters, or an entire pathname (including the terminating NUL) exceeded
- The named file does not exist.
- Too many symbolic links were encountered in translating the pathname.
- Write access is requested for a file on a read-only file system.
- Write access is requested for a pure procedure (shared text) file presently being executed.
- Permission bits of the file mode do not permit the requested access, or search permission is denied on a component of the path prefix. The owner of a file has permission checked with respect to the “owner” read, write, and execute mode bits, members of the file's group other than the owner have permission checked with respect to the “group” mode bits, and all others have permissions checked with respect to the “other” mode bits.
- Write access has been requested and the named file has its immutable flag set (see chflags(2)).
- path points outside the process's allocated address space.
- An I/O error occurred while reading from or writing to the file system.
- An invalid value was specified for amode.
faccessat() will fail
- The value of the flag argument was neither zero nor
- The path argument specifies a relative path and the
fd argument is neither
AT_FDCWDnor a valid file descriptor.
- The path argument specifies a relative path and the fd argument is a valid file descriptor but it does not reference a directory.
- The path argument specifies a relative path but search permission is denied for the directory which the fd file descriptor references.
faccessat() functions conform to
IEEE Std 1003.1-2008 (“POSIX.1”).
access() first appeared as an internal
kernel function in Version 1 AT&T UNIX.
It became a system call, first appearing outside of Bell Labs in the
“50 changes” tape for Version 6
AT&T UNIX. The first official release with the system call was
PWB/UNIX 1.0. It was also included in 2BSD.
faccessat() function appeared in
faccessat() should never be used for actual access
control. Doing so can result in a time of check vs. time of use security