ACCESS(2) | System Calls Manual | ACCESS(2) |
access
, faccessat
— check access permissions of a file or
pathname
#include
<unistd.h>
int
access
(const
char *path, int
amode);
#include <fcntl.h>
#include <unistd.h>
int
faccessat
(int
fd, const char
*path, int amode,
int flag);
The
access
()
function checks the accessibility of the file named by
path for the access permissions indicated by
amode. The amode argument is
either the bitwise OR of one or more of the access permissions to be checked
(R_OK
for read permission,
W_OK
for write permission, and
X_OK
for execute/search permission) or the existence
test, F_OK
. All components of the pathname
path are checked for access permissions (including
F_OK
).
The real user ID is used in place of the effective user ID and the real group access list (including the real group ID) is used in place of the effective ID for verifying permission.
If the invoking process has superuser privileges,
access
()
will always indicate success for R_OK
and
W_OK
, regardless of the actual file permission bits.
Likewise, for X_OK
, if the file has any of the
execute bits set and path is not a directory,
access
() will indicate success.
The
faccessat
()
function is equivalent to access
() except that where
path specifies a relative path, the file whose
accessibility is checked is determined relative to the directory associated
with file descriptor fd instead of the current working
directory.
If
faccessat
()
is passed the special value AT_FDCWD
(defined in
<fcntl.h>
) in the
fd parameter, the current working directory is used.
If flag is also zero, the behavior is identical to a
call to access
().
The flag argument is the bitwise OR of zero or more of the following values:
AT_EACCESS
If path cannot be found or if any of the desired access modes would not be granted, then a -1 value is returned; otherwise a 0 value is returned.
Access to the file is denied if:
ENOTDIR
]ENAMETOOLONG
]NAME_MAX
characters, or an entire pathname (including the terminating NUL) exceeded
PATH_MAX
bytes.ENOENT
]ELOOP
]EROFS
]ETXTBSY
]EACCES
]EPERM
]EFAULT
]EIO
]EINVAL
]Additionally, faccessat
() will fail
if:
EINVAL
]AT_EACCESS
.EBADF
]AT_FDCWD
nor a valid file descriptor.ENOTDIR
]EACCES
]The access
() and
faccessat
() functions conform to
IEEE Std 1003.1-2008 (“POSIX.1”).
access
() first appeared as an internal
kernel function in Version 1 AT&T UNIX
and was reimplemented in C before the release of
Version 4 AT&T UNIX. It was first
promoted to a system call in the Programmer's Workbench (PWB/UNIX), which
was later ported to Version 7 AT&T UNIX
and 2BSD.
The faccessat
() function appeared in
OpenBSD 5.0.
Ken Thompson first implemented the
access
() kernel function in C.
access
() and
faccessat
() should never be used for actual access
control. Doing so can result in a time of check vs. time of use security
hole.
January 19, 2015 | OpenBSD-current |