509124b626
It is currently allowed to fchownat(2), fchmodat(2), fchflagsat(2), utimensat(2), fstatat(2), and linkat(2). For linkat(2), PRIV_VFS_FHOPEN privilege is required to exercise the flag. It allows to link any open file. Requested by: trasz Tested by: pho, trasz Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D29111
273 lines
7.0 KiB
Groff
273 lines
7.0 KiB
Groff
.\" Copyright (c) 1980, 1991, 1993
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. Neither the name of the University nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" @(#)access.2 8.2 (Berkeley) 4/1/94
|
|
.\" $FreeBSD$
|
|
.\"
|
|
.Dd March 30, 2021
|
|
.Dt ACCESS 2
|
|
.Os
|
|
.Sh NAME
|
|
.Nm access ,
|
|
.Nm eaccess ,
|
|
.Nm faccessat
|
|
.Nd check accessibility of a file
|
|
.Sh LIBRARY
|
|
.Lb libc
|
|
.Sh SYNOPSIS
|
|
.In unistd.h
|
|
.Ft int
|
|
.Fn access "const char *path" "int mode"
|
|
.Ft int
|
|
.Fn eaccess "const char *path" "int mode"
|
|
.Ft int
|
|
.Fn faccessat "int fd" "const char *path" "int mode" "int flag"
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Fn access
|
|
and
|
|
.Fn eaccess
|
|
system calls check the accessibility of the
|
|
file named by
|
|
the
|
|
.Fa path
|
|
argument
|
|
for the access permissions indicated by
|
|
the
|
|
.Fa mode
|
|
argument.
|
|
The value of
|
|
.Fa mode
|
|
is either the bitwise-inclusive OR of the access permissions to be
|
|
checked
|
|
.Dv ( R_OK
|
|
for read permission,
|
|
.Dv W_OK
|
|
for write permission, and
|
|
.Dv X_OK
|
|
for execute/search permission),
|
|
or the existence test
|
|
.Pq Dv F_OK .
|
|
.Pp
|
|
For additional information, see the
|
|
.Sx "File Access Permission"
|
|
section of
|
|
.Xr intro 2 .
|
|
.Pp
|
|
The
|
|
.Fn eaccess
|
|
system call uses
|
|
the effective user ID and the group access list
|
|
to authorize the request;
|
|
the
|
|
.Fn access
|
|
system call uses
|
|
the real user ID in place of the effective user ID,
|
|
the real group ID in place of the effective group ID,
|
|
and the rest of the group access list.
|
|
.Pp
|
|
The
|
|
.Fn faccessat
|
|
system call is equivalent to
|
|
.Fn access
|
|
except in the case where
|
|
.Fa path
|
|
specifies a relative path.
|
|
In this case the file whose accessibility is to be determined is
|
|
located relative to the directory associated with the file descriptor
|
|
.Fa fd
|
|
instead of the current working directory.
|
|
If
|
|
.Fn faccessat
|
|
is passed the special value
|
|
.Dv AT_FDCWD
|
|
in the
|
|
.Fa fd
|
|
parameter, the current working directory is used and the behavior is
|
|
identical to a call to
|
|
.Fn access .
|
|
Values for
|
|
.Fa flag
|
|
are constructed by a bitwise-inclusive OR of flags from the following
|
|
list, defined in
|
|
.In fcntl.h :
|
|
.Bl -tag -width indent
|
|
.It Dv AT_EACCESS
|
|
The checks for accessibility are performed using the effective user and group
|
|
IDs instead of the real user and group ID as required in a call to
|
|
.Fn access .
|
|
.It Dv AT_RESOLVE_BENEATH
|
|
Only walk paths below the directory specified by the
|
|
.Ar fd
|
|
descriptor.
|
|
See the description of the
|
|
.Dv O_RESOLVE_BENEATH
|
|
flag in the
|
|
.Xr open 2
|
|
manual page.
|
|
.It Dv AT_EMPTY_PATH
|
|
If the
|
|
.Fa path
|
|
argument is an empty string, operate on the file or directory
|
|
referenced by the descriptor
|
|
.Fa fd .
|
|
If
|
|
.Fa fd
|
|
is equal to
|
|
.Dv AT_FDCWD ,
|
|
operate on the current working directory.
|
|
.El
|
|
.Pp
|
|
Even if a process's real or effective user has appropriate privileges
|
|
and indicates success for
|
|
.Dv X_OK ,
|
|
the file may not actually have execute permission bits set.
|
|
Likewise for
|
|
.Dv R_OK
|
|
and
|
|
.Dv W_OK .
|
|
.Sh RETURN VALUES
|
|
.Rv -std
|
|
.Sh ERRORS
|
|
.Fn access ,
|
|
.Fn eaccess ,
|
|
or
|
|
.Fn faccessat
|
|
will fail if:
|
|
.Bl -tag -width Er
|
|
.It Bq Er EINVAL
|
|
The value of the
|
|
.Fa mode
|
|
argument is invalid.
|
|
.It Bq Er ENOTDIR
|
|
A component of the path prefix is not a directory.
|
|
.It Bq Er ENAMETOOLONG
|
|
A component of a pathname exceeded 255 characters,
|
|
or an entire path name exceeded 1023 characters.
|
|
.It Bq Er ENOENT
|
|
The named file does not exist.
|
|
.It Bq Er ELOOP
|
|
Too many symbolic links were encountered in translating the pathname.
|
|
.It Bq Er EROFS
|
|
Write access is requested for a file on a read-only file system.
|
|
.It Bq Er ETXTBSY
|
|
Write access is requested for a pure procedure (shared text)
|
|
file presently being executed.
|
|
.It Bq Er EACCES
|
|
Permission bits of the file mode do not permit the requested
|
|
access, or search permission is denied on a component of the
|
|
path prefix.
|
|
.It Bq Er EFAULT
|
|
The
|
|
.Fa path
|
|
argument
|
|
points outside the process's allocated address space.
|
|
.It Bq Er EIO
|
|
An I/O error occurred while reading from or writing to the file system.
|
|
.It Bq Er EINTEGRITY
|
|
Corrupted data was detected while reading from the file system.
|
|
.El
|
|
.Pp
|
|
Also, the
|
|
.Fn faccessat
|
|
system call may fail if:
|
|
.Bl -tag -width Er
|
|
.It Bq Er EBADF
|
|
The
|
|
.Fa path
|
|
argument does not specify an absolute path and the
|
|
.Fa fd
|
|
argument is
|
|
neither
|
|
.Dv AT_FDCWD
|
|
nor a valid file descriptor.
|
|
.It Bq Er EINVAL
|
|
The value of the
|
|
.Fa flag
|
|
argument is not valid.
|
|
.It Bq Er ENOTDIR
|
|
The
|
|
.Fa path
|
|
argument is not an absolute path and
|
|
.Fa fd
|
|
is neither
|
|
.Dv AT_FDCWD
|
|
nor a file descriptor associated with a directory.
|
|
.It Bq Er ENOTCAPABLE
|
|
.Fa path
|
|
is an absolute path,
|
|
or contained a ".." component leading to a
|
|
directory outside of the directory hierarchy specified by
|
|
.Fa fd ,
|
|
and the process is in capability mode.
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr chmod 2 ,
|
|
.Xr intro 2 ,
|
|
.Xr stat 2
|
|
.Sh STANDARDS
|
|
The
|
|
.Fn access
|
|
system call is expected to conform to
|
|
.St -p1003.1-90 .
|
|
The
|
|
.Fn faccessat
|
|
system call follows The Open Group Extended API Set 2 specification.
|
|
.Sh HISTORY
|
|
The
|
|
.Fn access
|
|
function appeared in
|
|
.At v7 .
|
|
The
|
|
.Fn faccessat
|
|
system call appeared in
|
|
.Fx 8.0 .
|
|
.Sh SECURITY CONSIDERATIONS
|
|
The
|
|
.Fn access
|
|
system call
|
|
is a potential security hole due to race conditions and
|
|
should never be used.
|
|
Set-user-ID and set-group-ID applications should restore the
|
|
effective user or group ID,
|
|
and perform actions directly rather than use
|
|
.Fn access
|
|
to simulate access checks for the real user or group ID.
|
|
The
|
|
.Fn eaccess
|
|
system call
|
|
likewise may be subject to races if used inappropriately.
|
|
.Pp
|
|
.Fn access
|
|
remains useful for providing clues to users as to whether operations
|
|
make sense for particular filesystem objects (e.g. 'delete' menu
|
|
item only highlighted in a writable folder ... avoiding interpretation
|
|
of the st_mode bits that the application might not understand --
|
|
e.g. in the case of AFS).
|
|
It also allows a cheaper file existence test than
|
|
.Xr stat 2 .
|