Rev | Author | # | Line |
---|---|---|---|
1 | perry | 1 | ACCESS |
2 | !!!ACCESS | ||
2 | PerryLorier | 3 | |
1 | perry | 4 | ---- |
5 | !!NAME | ||
6 | |||
7 | |||
8 | access - check user's permissions for a file | ||
9 | !!SYNOPSIS | ||
10 | |||
11 | |||
2 | PerryLorier | 12 | __#include <unistd.h>__ |
13 | __access(char *__''pathname''__, int__ ''mode''__);__ | ||
14 | |||
1 | perry | 15 | !!DESCRIPTION |
16 | |||
17 | __access__ checks whether the process would be allowed to | ||
18 | read, write or test for existence of the file (or other file | ||
2 | PerryLorier | 19 | system object) whose name is ''pathname''. If ''pathname'' is a symbolic link permissions of the filereferred to by this symbolic link are tested. |
1 | perry | 20 | |
2 | PerryLorier | 21 | ''mode'' is a mask consisting of one or more of __R_OK__, __W_OK__, __X_OK__ and __F_OK__. |
1 | perry | 22 | |
23 | |||
24 | __R_OK__, __W_OK__ and __X_OK__ request checking | ||
25 | whether the file exists and has read, write and execute | ||
26 | permissions, respectively. __F_OK__ just requests | ||
27 | checking for the existence of the file. | ||
28 | |||
29 | The tests depend on the permissions of the directories | ||
30 | occurring in the path to the file, as given in | ||
31 | ''pathname'', and on the permissions of directories and | ||
32 | files referred to by symbolic links encountered on the | ||
33 | way. | ||
34 | |||
35 | |||
36 | The check is done with the process's ''real'' uid and | ||
37 | gid, rather than with the effective ids as is done when | ||
38 | actually attempting an operation. This is to allow set-UID | ||
39 | programs to easily determine the invoking user's | ||
40 | authority. | ||
41 | |||
42 | |||
43 | Only access bits are checked, not the file type or contents. | ||
44 | Therefore, if a directory is found to be | ||
45 | execve__(2) call will | ||
46 | still fail. | ||
47 | !!RETURN VALUE | ||
48 | |||
49 | On success (all requested permissions granted), zero is | ||
50 | returned. On error (at least one bit in ''mode'' asked | ||
51 | for a permission that is denied, or some other error | ||
52 | occurred), -1 is returned, and ''errno'' is set | ||
53 | appropriately. | ||
2 | PerryLorier | 54 | |
1 | perry | 55 | !!ERRORS |
56 | |||
2 | PerryLorier | 57 | ;[EACCES]: The requested access would be denied to the file or search permission is denied to one of the directories in ''pathname''. |
58 | ;[EROFS]: Write permission was requested for a file on a read-only filesystem. | ||
59 | ;[EFAULT]: ''pathname'' points outside your accessible address space. | ||
60 | ;[EINVAL]: ''mode'' was incorrectly specified. | ||
61 | ;[ENAMETOOLONG]: ''pathname'' is too long. | ||
62 | ;[ENOENT]: A directory component in ''pathname'' would have been accessible but does not exist or was a dangling symbolic link. | ||
63 | ;[ENOTDIR]: A component used as a directory in ''pathname'' is not, in fact, a directory. | ||
64 | ;[ENOMEM]: Insufficient kernel memory was available. | ||
65 | ;[ELOOP]: Too many symbolic links were encountered in resolving ''pathname''. | ||
66 | ;[EIO]: An I/O error occurred. | ||
1 | perry | 67 | |
68 | !!RESTRICTIONS | ||
69 | __access__ returns an error if any of the access types in | ||
70 | the requested call fails, even if other types might be | ||
71 | successful. | ||
72 | |||
73 | __access__ may not work correctly on NFS file systems | ||
74 | with UID mapping enabled, because UID mapping is done on the | ||
75 | server and hidden from the client, which checks | ||
76 | permissions. | ||
77 | |||
78 | Using __access__ to check if a user is authorized to e.g. | ||
79 | open a file before actually doing so using open(2) | ||
80 | creates a security hole, because the user might exploit the | ||
81 | short time interval between checking and opening the file to | ||
82 | manipulate it. | ||
2 | PerryLorier | 83 | |
1 | perry | 84 | !!CONFORMING TO |
85 | SVID, AT | ||
86 | !!SEE ALSO | ||
87 | |||
2 | PerryLorier | 88 | stat(2), open(2), chmod(2), chown(2), setuid(2), setgid(2) |
lib/blame.php:177: Warning: Invalid argument supplied for foreach() (...repeated 8 times)