f956375817
is seems to be a problem for SUID applications, which we like to prevent as much as possible. PR: docs/39530 Submitted by: Soren Spies <sspies at apple dot com> MFC After: 3 days
166 lines
4.8 KiB
Groff
166 lines
4.8 KiB
Groff
.\" Copyright (c) 1980, 1991, 1993
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 4. Neither the name of the University nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" @(#)access.2 8.2 (Berkeley) 4/1/94
|
|
.\" $FreeBSD$
|
|
.\"
|
|
.Dd December 8, 2007
|
|
.Dt ACCESS 2
|
|
.Os
|
|
.Sh NAME
|
|
.Nm access , eaccess
|
|
.Nd check accessibility of a file
|
|
.Sh LIBRARY
|
|
.Lb libc
|
|
.Sh SYNOPSIS
|
|
.In unistd.h
|
|
.Ft int
|
|
.Fn access "const char *path" "int mode"
|
|
.Ft int
|
|
.Fn eaccess "const char *path" "int mode"
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Fn access
|
|
and
|
|
.Fn eaccess
|
|
system calls check the accessibility of the
|
|
file named by
|
|
the
|
|
.Fa path
|
|
argument
|
|
for the access permissions indicated by
|
|
the
|
|
.Fa mode
|
|
argument.
|
|
The value of
|
|
.Fa mode
|
|
is either the bitwise-inclusive OR of the access permissions to be
|
|
checked
|
|
.Dv ( R_OK
|
|
for read permission,
|
|
.Dv W_OK
|
|
for write permission, and
|
|
.Dv X_OK
|
|
for execute/search permission),
|
|
or the existence test
|
|
.Pq Dv F_OK .
|
|
.Pp
|
|
For additional information, see the
|
|
.Sx "File Access Permission"
|
|
section of
|
|
.Xr intro 2 .
|
|
.Pp
|
|
The
|
|
.Fn eaccess
|
|
system call uses
|
|
the effective user ID and the group access list
|
|
to authorize the request;
|
|
the
|
|
.Fn access
|
|
system call uses
|
|
the real user ID in place of the effective user ID,
|
|
the real group ID in place of the effective group ID,
|
|
and the rest of the group access list.
|
|
.Pp
|
|
Even if a process's real or effective user has appropriate privileges
|
|
and indicates success for
|
|
.Dv X_OK ,
|
|
the file may not actually have execute permission bits set.
|
|
Likewise for
|
|
.Dv R_OK
|
|
and
|
|
.Dv W_OK .
|
|
.Sh RETURN VALUES
|
|
.Rv -std
|
|
.Sh ERRORS
|
|
Access to the file is denied if:
|
|
.Bl -tag -width Er
|
|
.It Bq Er ENOTDIR
|
|
A component of the path prefix is not a directory.
|
|
.It Bq Er ENAMETOOLONG
|
|
A component of a pathname exceeded 255 characters,
|
|
or an entire path name exceeded 1023 characters.
|
|
.It Bq Er ENOENT
|
|
The named file does not exist.
|
|
.It Bq Er ELOOP
|
|
Too many symbolic links were encountered in translating the pathname.
|
|
.It Bq Er EROFS
|
|
Write access is requested for a file on a read-only file system.
|
|
.It Bq Er ETXTBSY
|
|
Write access is requested for a pure procedure (shared text)
|
|
file presently being executed.
|
|
.It Bq Er EACCES
|
|
Permission bits of the file mode do not permit the requested
|
|
access, or search permission is denied on a component of the
|
|
path prefix.
|
|
.It Bq Er EFAULT
|
|
The
|
|
.Fa path
|
|
argument
|
|
points outside the process's allocated address space.
|
|
.It Bq Er EIO
|
|
An I/O error occurred while reading from or writing to the file system.
|
|
.El
|
|
.Sh SECURITY CONSIDERATIONS
|
|
The
|
|
.Fn access
|
|
system call
|
|
is a potential security hole due to race conditions and
|
|
should never be used.
|
|
Set-user-ID and set-group-ID applications should restore the
|
|
effective user or group ID,
|
|
and perform actions directly rather than use
|
|
.Fn access
|
|
to simulate access checks for the real user or group ID.
|
|
The
|
|
.Fn eaccess
|
|
system call
|
|
likewise may be subject to races if used inappropriately.
|
|
.Pp
|
|
.Fn access
|
|
remains useful for providing clues to users as to whether operations
|
|
make sense for particular filesystem objects (e.g. 'delete' menu
|
|
item only highlighted in a writable folder ... avoiding interpretation
|
|
of the st_mode bits that the application might not understand --
|
|
e.g. in the case of AFS). It also allows a cheaper file existance
|
|
test than
|
|
.Ns Xr stat 2 .
|
|
.Sh SEE ALSO
|
|
.Xr chmod 2 ,
|
|
.Xr intro 2 ,
|
|
.Xr stat 2
|
|
.Sh STANDARDS
|
|
The
|
|
.Fn access
|
|
system call is expected to conform to
|
|
.St -p1003.1-90 .
|
|
.Sh HISTORY
|
|
The
|
|
.Fn access
|
|
function appeared in
|
|
.At v7 .
|