Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
getaccess(2)		      System Calls Manual		  getaccess(2)

NAME
       getaccess - get a user's	effective access rights	to a file

SYNOPSIS
DESCRIPTION
       identifies  the	access rights (read, write, execute/search) a specific
       user ID has to an existing file.	 path points to	a path name of a file.
       If the call succeeds, it	returns	a value	of zero	or greater, represent-
       ing the specified user's	effective access rights	(modes)	to  the	 file.
       The rights are expressed	as the logical OR of bits and whose values are
       defined in the header A return of zero means that access	is denied.

       The uid parameter is a user ID.	Special	values,	defined	 in  represent
       the calling process's effective,	real, or saved user ID:

	      Effective	user ID.
	      Real user	     ID.
	      Saved user     ID.

       ngroups	is the number of group IDs in gidset, not to exceed + 1	is de-
       fined in	If the ngroups parameter is positive, the gidset parameter  is
       an  array of group ID values to use in the check.  If ngroups is	a rec-
       ognized negative	value, gidset is ignored.  Special negative values  of
       ngroups,	defined	in represent various combinations of the process's ef-
       fective,	real, or saved user ID and its supplementary groups list:

	      Use process's effective group
				       ID only.
	      Use process's real group ID only.
	      Use process's saved group
				       ID only.
	      Use process's supplementary groups only.
	      Use process's effective group
				       ID plus supplementary groups.
	      Use process's real group ID plus supplementary groups.
	      Use process's saved group
				       ID plus supplementary groups.

       The label and privs parameters are placeholders for future  extensions.
       For now,	the values of these parameters must be

       The access check	rules for access control lists are described in	acl(5)
       and aclv(5).  In	addition, the bit is cleared for  files	 on  read-only
       file  systems  or shared-text programs being executed.  Note that as in
       access(2), the bit is not turned	off for	shared-text programs open  for
       writing because there is	no easy	way to know that a file	open for writ-
       ing is a	shared-text program.

       If the caller's user ID is 0, or	if it is or (see and the process's re-
       spective	 user  ID  is 0, and are always	set except when	is cleared for
       files on	read-only file systems or shared-text programs being executed.
       is set if and only if the file is not a regular file or the execute bit
       is set in any of	the file's ACL entries.

       checks each directory component of path by first	using the caller's ef-
       fective user ID,	effective group	ID, and	supplementary groups list, re-
       gardless	of the user ID specified.  An error occurs, distinct from ``no
       access  allowed,''  if  the  caller cannot search the path to the file.
       (In this	case it	is inappropriate for  the  caller  to  learn  anything
       about the file.)

   Comparison of access(2) and getaccess(2)
       The following table compares various attributes of and
	    access()			       getaccess()
       +=================================================================+
       | checks	all ACL	entries		|   same			 |
       | (HFS and JFS File Systems only)|				 |
       +-----------------------------------------------------------------+
       | uses real uid,	real gid, and	|   uses specified uid and groups|
       | supplementary groups list	|   list; macros available	 |
       |				|   for	typical	values		 |
       +-----------------------------------------------------------------+
       | checks	specific mode value,	|   returns all	mode bits, each	 |
       | returns succeed or fail	|   on or off			 |
       +-----------------------------------------------------------------+
       | checks	path to	file using	|   same			 |
       | caller's effective ID		|				 |
       +-----------------------------------------------------------------+
       | W_OK false if shared-text	|   same			 |
       | file currently	being executed	|				 |
       +-----------------------------------------------------------------+
       | W_OK false if file on		|   same			 |
       | read-only file	system		|				 |
       +-----------------------------------------------------------------+
       | X_OK not modified for file	|   same			 |
       | currently open	for writing	|				 |
       +-----------------------------------------------------------------+
       | R_OK and W_OK always true for	|   same			 |
       | superuser (except as above)	|				 |
       +-----------------------------------------------------------------+
       | X_OK always true for		|   X_OK true for super-user	 |
       | superuser			|   if file is not a regular	 |
       |				|   file OR execute is set in	 |
       |				|   any	ACL entry		 |
       +-----------------------------------------------------------------+

-------+-----------------------------------------------------------------------+---------------------------------------------	   |
       |			access()				       |	     getaccess()			   |
-------+-----------------------------------------------------------------------+---------------------------------------------	   |
 checks|all ACL	entries							  same |						   |
 (HFS and JFS File Systems only)					       |						   |
-------+-----------------------------------------------------------------------+---------------------------------------------	   |
 uses real uid,	real gid, and						  uses specified uid and groups	list;			   |
 supplementary groups list						  macros available for typical values			   |
-------+-----------------------------------------------------------------------+---------------------------------------------	   |
 checks|specific mode value,						  returns all mode bits, each on or off			   |
 returns succeed or fail						       |						   |
-------+-----------------------------------------------------------------------+---------------------------------------------	   |
 checks|path to	file using caller's effective IDs			  same |						   |
-------+-----------------------------------------------------------------------+---------------------------------------------	   |
 W_OK false if shared-text file						  same |						   |
 currently being executed						       |						   |
-------+-----------------------------------------------------------------------+---------------------------------------------	   |
 W_OK false if file on							  same |						   |
 read-only file	system							       |						   |
-------+-----------------------------------------------------------------------+---------------------------------------------	   |
 X_OK not modified for file						  same |						   |
 currently open	for writing						       |						   |
-------+-----------------------------------------------------------------------+---------------------------------------------	   |
 R_OK and W_OK always true for superuser				  same |						   |
 (except as above)							       |						   |
-------+-----------------------------------------------------------------------+---------------------------------------------	   |
 X_OK always true for superuser						  X_OK true for	super-user if file is not a regular	   |
       |								  file <i>or execute is set in any	ACL entry		   |
       |								       |						   |
RETURN VALUE								       |						   |
       |rIiefstursentsecrarofenrionnod-nnccsagrastitvaetvaallruepocifiedefile. the access rights of	       |						   |
ERRORS |								       |						   |
       |fails if any of	the following conditions are encountered	       |						   |
       |      [EACCES]	     p<i>at<i>hompprefixofdenies  search  permission	to the |						   |
       |		     caller.					       |						   |
       |      [EFAULT]	     _g_i_d_setor points  outside  the  allocated  address |						   |
       |		     sThee reliablerodetection of this error is	imple- |						   |
       |		     mentation dependent.			       |						   |
       |      [EINVAL]	     _n_g_r_o_u_p_s  is eitherdzero, an unrecognized negative |						   |
       |		     v+l1., or a value larger than		       |						   |
       |      [EINVAL]	     IDdsvalue.ntains an invalid group		       |						   |
       |      [EINVAL]	     _p<I>_r<I>_i<I>_v_svaorot a null pointer.		       |						   |
       |      [ELOOP]	      Too  many	 symbolic  links  were	encountered in |						   |
       |		     <i>p<i>a<i>t<i>hslname. the				       |						   |
       |      [ENAMETOOLONG]  bytes,norhthe lengtheoffaecomponentmofetheedpath |						   |
       |		     nbytiswhile_p<I>_a<I>_t<I>_h nisenlltoexasc)mponentsof(for example,      |						   |
       |      [ENOTDIR]	     p<i>at<i>homprefix is not a directory.		       |						   |
       |      [EOPNOTSUPP]    is not supported on some types of	remote files.  |						   |
EXAMPLEStoefilel``<I>t<I>e<I>st,''landtsucceedstif theluser hasereadeaccesss rights     |						   |
       |       #include	_unistd.h_					       |						   |
       |       #include	_sys/getaccess.h_				       |						   |
       |       int mode;						       |						   |
       |       mode = getaccess	("test", UID_EUID, NGROUPS_EGID_SUPP,	       |						   |
       |	      (int *) 0, (void *) 0, (void *) 0);		       |						   |
       |       if ((mode _= 0) __ (mode	_ R_OK)) ...			       |						   |
       |								       |						   |
       /ItDmp/ghooludforauser test	access rights to file			       |						   |
       |								       |						   |
       |       int gid = 109;						       |						   |
       |       int mode;						       |						   |
       |       mode = getaccess	("/tmp/hold", 23, 1, _ gid,		       |						   |
       |	      (void *) 0, (void	*) 0);				       |						   |
       |								       |						   |
       <I>I<I>D<I>:<i>s<i>e<i>td thatnincludesethehprocess'sneffectiveigroup		       |						   |
       |								       |						   |
       |       #include	_limits.h_					       |						   |
       |       int gidset [NGROUPS_MAX + 1];				       |						   |
       |       int ngroups;						       |						   |
       |       gidset [0] = getegid();					       |						   |
       |       ngroups = 1 + getgroups (NGROUPS_MAX, _ gidset [1]);	       |						   |
       |								       |						   |
AUTHOR |								       |						   |
       |was developed by HP.						       |						   |
SEE ALSOaccess(2),lacl(2),nchmod(2),-getacl(2),-setacl(2),-stat(2),------------+---------------------------------------------------+

								  getaccess(2)

NAME | SYNOPSIS | DESCRIPTION

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=getaccess&sektion=2&manpath=HP-UX+11.22>

home | help