ACCESS(2) BSD System Calls Manual ACCESS(2)NAME
access, faccessat — check access permissions of a file or pathname
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <unistd.h>
int
access(const char *path, int mode);
int
faccessat(int fd, const char *path, int mode, int flags);
DESCRIPTION
The access() function checks the accessibility of the file named by path
for the access permissions indicated by mode. The value of mode is the
bitwise inclusive OR of the access permissions to be checked (R_OK for
read permission, W_OK for write permission and X_OK for execute/search
permission) or the existence test, F_OK. All components of the pathname
path are checked for access permissions (including F_OK).
The real user ID is used in place of the effective user ID and the real
group access list (including the real group ID) are used in place of the
effective ID for verifying permission.
Even if a process has appropriate privileges and indicates success for
X_OK, the file may not actually have execute permission bits set. Like‐
wise for R_OK and W_OK.
The faccessat() function operates as the access() function but uses
either the effective and group IDs or real ones depending on the value of
flags.
The values for the flags are constructed by a bitwise-inclusive OR of
flags from the following list, defined in <fcntl.h>:
AT_EACCESS
Use effective user and group IDs.
If path specifies a relative path the file to access is determined rela‐
tive to the directory associated with the file descriptor fd instead of
the current working directory. If fd is the special value AT_FDCWD the
current working directory is used and the behavior is identical to a call
to access().
RETURN VALUES
If path cannot be found or if any of the desired access modes would not
be granted, then a -1 value is returned; otherwise a 0 value is returned.
ERRORS
The access() and faccessat() functions can fail with:
[ENOTDIR] A component of the path prefix is not a directory.
[ENAMETOOLONG] A component of a pathname exceeded 255 characters, or
an entire path name exceeded 1023 characters.
[ENOENT] The named file does not exist.
[ELOOP] Too many symbolic links were encountered in translat‐
ing the pathname.
[EROFS] Write access is requested for a file on a read-only
file system.
[ETXTBSY] Write access is requested for a pure procedure (shared
text) file presently being executed.
[EACCES] Permission bits of the file mode do not permit the
requested access, or search permission is denied on a
component of the path prefix. The owner of a file has
permission checked with respect to the ``owner'' read,
write, and execute mode bits, members of the file's
group other than the owner have permission checked
with respect to the ``group'' mode bits, and all oth‐
ers have permissions checked with respect to the
``other'' mode bits.
[EFAULT] Path points outside the process's allocated address
space.
[EIO] An I/O error occurred while reading from or writing to
the file system.
In addition the faccessat() function can fail with:
[EBADF] fd is not a valid file descriptor.
[ENOTDIR] path is relative and fd does not point to a directory.
[EINVAL] flags contains unsupported flags.
SEE ALSOchmod(2), stat(2)STANDARDS
The access() function call is expected to conform to ISO/IEC 9945-1:1990
(“POSIX.1”).
The faccessat() function call is expected to conform to IEEE Std
1003.1-2008 (“POSIX.1”).
CAVEATAccess() is a potential security hole due to race conditions and should
never be used. Setuid and setgid applications should either use the
faccessat() function or restore the effective uid or gid and perform
actions directly rather than use access() to simulate access checks for
the real user of group id.
HISTORY
An access() function call appeared in Version 7 AT&T UNIX.
The faccessat() system call appeared in DragonFly 2.3.
BSD August 23, 2009 BSD