Provided by: manpages-posix-dev_2017a-2_all bug

PROLOG

       This  manual  page  is part of the POSIX Programmer's Manual.  The Linux implementation of
       this interface may differ (consult the corresponding Linux  manual  page  for  details  of
       Linux behavior), or the interface may not be implemented on Linux.

NAME

       access, faccessat — determine accessibility of a file descriptor

SYNOPSIS

       #include <unistd.h>

       int access(const char *path, int amode);

       #include <fcntl.h>

       int faccessat(int fd, const char *path, int amode, int flag);

DESCRIPTION

       The  access()  function  shall check the file named by the pathname pointed to by the path
       argument for accessibility according to the bit pattern contained in  amode.   The  checks
       for  accessibility  (including  directory  permissions checked during pathname resolution)
       shall be performed using the real user ID in place of the effective user ID and  the  real
       group ID in place of the effective group ID.

       The  value  of  amode  is  either the bitwise-inclusive OR of the access permissions to be
       checked (R_OK, W_OK, X_OK) or the existence test (F_OK).

       If any access permissions are checked, each shall be checked individually, as described in
       the  Base Definitions volume of POSIX.1‐2017, Section 4.5, File Access Permissions, except
       that where that description refers to execute permission for a  process  with  appropriate
       privileges,  an implementation may indicate success for X_OK even if execute permission is
       not granted to any user.

       The faccessat() function, when called with a flag value of zero, shall  be  equivalent  to
       the  access()  function,  except in the case where path specifies a relative path. In this
       case the file whose accessibility is to be determined shall be  located  relative  to  the
       directory associated with the file descriptor fd instead of the current working directory.
       If the access mode of the open file description associated with the file descriptor is not
       O_SEARCH,  the  function  shall  check  whether directory searches are permitted using the
       current permissions of the directory underlying the file descriptor.  If the  access  mode
       is O_SEARCH, the function shall not perform the check.

       If  faccessat()  is  passed  the  special  value AT_FDCWD in the fd parameter, the current
       working directory shall be used and, if flag is zero, the behavior shall be identical to a
       call to access().

       Values  for  flag  are  constructed  by a bitwise-inclusive OR of flags from the following
       list, defined in <fcntl.h>:

       AT_EACCESS  The checks for accessibility (including directory permissions  checked  during
                   pathname  resolution) shall be performed using the effective user ID and group
                   ID instead of the real user ID and group ID as required in a call to access().

RETURN VALUE

       Upon successful completion, these functions shall return  0.  Otherwise,  these  functions
       shall return -1 and set errno to indicate the error.

ERRORS

       These functions shall fail if:

       EACCES Permission  bits  of  the  file  mode do not permit the requested access, or search
              permission is denied on a component of the path prefix.

       ELOOP  A loop exists in symbolic links encountered during resolution of the path argument.

       ENAMETOOLONG
              The length of a component of a pathname is longer than {NAME_MAX}.

       ENOENT A component of path does not name an existing file or path is an empty string.

       ENOTDIR
              A component of the path prefix names an existing file that is neither  a  directory
              nor  a  symbolic  link  to  a directory, or the path argument contains at least one
              non-<slash> character and ends with one or more trailing <slash> characters and the
              last  pathname  component  names an existing file that is neither a directory nor a
              symbolic link to a directory.

       EROFS  Write access is requested for a file on a read-only file system.

       The faccessat() function shall fail if:

       EACCES The access mode of the open file description associated with fd is not O_SEARCH and
              the permissions of the directory underlying fd do not permit directory searches.

       EBADF  The  path argument does not specify an absolute path and the fd argument is neither
              AT_FDCWD nor a valid file descriptor open for reading or searching.

       ENOTDIR
              The path argument is not an absolute path and fd is a  file  descriptor  associated
              with a non-directory file.

       These functions may fail if:

       EINVAL The value of the amode argument is invalid.

       ELOOP  More  than  {SYMLOOP_MAX}  symbolic links were encountered during resolution of the
              path argument.

       ENAMETOOLONG
              The length of a pathname exceeds {PATH_MAX}, or pathname resolution of  a  symbolic
              link produced an intermediate result with a length that exceeds {PATH_MAX}.

       ETXTBSY
              Write  access  is  requested  for a pure procedure (shared text) file that is being
              executed.

       The faccessat() function may fail if:

       EINVAL The value of the flag argument is not valid.

       The following sections are informative.

EXAMPLES

   Testing for the Existence of a File
       The following example tests whether a file named myfile exists in the /tmp directory.

           #include <unistd.h>
           ...
           int result;
           const char *pathname = "/tmp/myfile";

           result = access (pathname, F_OK);

APPLICATION USAGE

       Use of these functions is discouraged since by the time the returned information is  acted
       upon,  it is out-of-date. (That is, acting upon the information always leads to a time-of-
       check-to-time-of-use race condition.) An application should  instead  attempt  the  action
       itself  and  handle  the  [EACCES] error that occurs if the file is not accessible (with a
       change of effective user and group IDs beforehand, and perhaps a change  back  afterwards,
       in the case where access() or faccessat() without AT_EACCES would have been used.)

       Historically,  one  of  the  uses  of  access()  was in set-user-ID root programs to check
       whether the user running the program had access to a file. This relied  on  ``super-user''
       privileges  which  were  granted  based  on the effective user ID being zero, so that when
       access() used the real user ID to check accessibility those privileges were not taken into
       account.  On newer systems where privileges can be assigned which have no association with
       user or group IDs, if a program with such privileges calls access(), the change of IDs has
       no effect on the privileges and therefore they are taken into account in the accessibility
       checks. Thus, access() (and faccessat() with flag zero) cannot be used for this historical
       purpose  in such programs. Likewise, if a system provides any additional or alternate file
       access control mechanisms that are not user  ID-based,  they  will  still  be  taken  into
       account.

       If  a  relative pathname is used, no account is taken of whether the current directory (or
       the directory associated with the file descriptor  fd)  is  accessible  via  any  absolute
       pathname.  Applications using access(), or faccessat() without AT_EACCES, may consequently
       act as if the file would be accessible to a user with the real user ID and group ID of the
       process  when  such a user would not in practice be able to access the file because access
       would be denied at some point above the current directory  (or  the  directory  associated
       with the file descriptor fd) in the file hierarchy.

       If  access()  or  faccessat()  is  used with W_OK to check for write access to a directory
       which has the S_ISVTX bit set, a return value indicating the directory is writable can  be
       misleading since some operations on files in the directory would not be permitted based on
       the ownership of those files (see the Base Definitions  volume  of  POSIX.1‐2017,  Section
       4.3, Directory Protection).

       Additional values of amode other than the set defined in the description may be valid; for
       example, if a system has extended access controls.

       The use of the AT_EACCESS value for flag enables functionality not available in access().

RATIONALE

       In early proposals, some inadequacies in the access() function led to the creation  of  an
       eaccess() function because:

        1. Historical  implementations  of  access()  do  not test file access correctly when the
           process' real user ID is superuser.  In  particular,  they  always  return  zero  when
           testing execute permissions without regard to whether the file is executable.

        2. The superuser has complete access to all files on a system. As a consequence, programs
           started by the superuser and switched to the effective user ID with lesser  privileges
           cannot use access() to test their file access permissions.

       However, the historical model of eaccess() does not resolve problem (1), so this volume of
       POSIX.1‐2017  now  allows  access()  to  behave  in  the  desired  way   because   several
       implementations  have  corrected  the problem. It was also argued that problem (2) is more
       easily solved by using open(), chdir(), or one of the exec functions  as  appropriate  and
       responding  to  the  error,  rather  than  creating  a  new  function that would not be as
       reliable. Therefore, eaccess() is not included in this volume of POSIX.1‐2017.

       The sentence concerning appropriate privileges and execute permission  bits  reflects  the
       two possibilities implemented by historical implementations when checking superuser access
       for X_OK.

       New implementations are discouraged from returning X_OK  unless  at  least  one  execution
       permission bit is set.

       The  purpose of the faccessat() function is to enable the checking of the accessibility of
       files in directories other than the current working directory  without  exposure  to  race
       conditions.  Any  part  of  the  path  of a file could be changed in parallel to a call to
       access(), resulting in unspecified behavior. By opening a file descriptor for  the  target
       directory and using the faccessat() function it can be guaranteed that the file tested for
       accessibility is located relative to the desired directory.

FUTURE DIRECTIONS

       These functions may be formally deprecated (for example, by shading them OB) in  a  future
       version of this standard.

SEE ALSO

       chmod(), fstatat()

       The  Base  Definitions  volume  of  POSIX.1‐2017,  Section  4.5,  File Access Permissions,
       <fcntl.h>, <unistd.h>

COPYRIGHT

       Portions of this text are reprinted and  reproduced  in  electronic  form  from  IEEE  Std
       1003.1-2017,  Standard  for  Information Technology -- Portable Operating System Interface
       (POSIX), The Open Group Base Specifications Issue 7, 2018 Edition, Copyright (C)  2018  by
       the  Institute  of  Electrical  and Electronics Engineers, Inc and The Open Group.  In the
       event of any discrepancy between this version and the original IEEE  and  The  Open  Group
       Standard,  the  original  IEEE  and  The  Open Group Standard is the referee document. The
       original Standard can be obtained online at http://www.opengroup.org/unix/online.html .

       Any typographical or formatting errors that appear in this page are most  likely  to  have
       been  introduced  during  the conversion of the source files to man page format. To report
       such errors, see https://www.kernel.org/doc/man-pages/reporting_bugs.html .