ACCESS(2)                  System calls                 ACCESS(2)

NAME
       access - check user's permissions for a file

SYNOPSIS
       #include <unistd.h>

       int access(const char *pathname, int mode);

DESCRIPTION
       access  checks  whether  the  process  would be allowed to
       read, write or test for existence of the  file  (or  other
       file  system  object) whose name is pathname.  If pathname
       is a symbolic link permissions of the file referred to  by
       this symbolic link are tested.

       mode  is  a  mask consisting of one or more of R_OK, W_OK,
       X_OK and F_OK.

       R_OK, W_OK and X_OK  request  checking  whether  the  file
       exists  and  has  read,  write  and  execute  permissions,
       respectively.  F_OK just requests checking for  the  exis-
       tence of the file.

       The  tests  depend  on  the permissions of the directories
       occurring in the path to the file, as given  in  pathname,
       and  on  the permissions of directories and files referred
       to by symbolic links encountered on the way.

       The check is done with the process's  real  uid  and  gid,
       rather  than  with the effective ids as is done when actu-
       ally attempting an operation.  This is  to  allow  set-UID
       programs  to  easily determine the invoking user's author-
       ity.

       Only access bits are checked, not the file  type  or  con-
       tents.    Therefore,   if  a  directory  is  found  to  be
       "writable," it probably means that files can be created in
       the  directory,  and not that the directory can be written
       as a file.  Similarly, a DOS file may be found to be "exe-
       cutable," but the execve(2) call will still fail.

RETURN VALUE
       On  success  (all  requested permissions granted), zero is
       returned.  On error (at least one bit in mode asked for  a
       permission  that is denied, or some other error occurred),
       -1 is returned, and errno is set appropriately.

ERRORS
       EACCES  The requested access would be denied to  the  file
               or  search  permission  is  denied  to  one of the
               directories in pathname.

       EROFS   Write permission was requested for  a  file  on  a
               read-only filesystem.

       EFAULT  pathname  points  outside  your accessible address
               space.

       EINVAL  mode was incorrectly specified.

       ENAMETOOLONG
               pathname is too long.

       ENOENT  A directory component in pathname would have  been
               accessible  but  does  not exist or was a dangling
               symbolic link.

       ENOTDIR A component used as a  directory  in  pathname  is
               not, in fact, a directory.

       ENOMEM  Insufficient kernel memory was available.

       ELOOP   Too   many  symbolic  links  were  encountered  in
               resolving pathname.

       EIO     An I/O error occurred.

RESTRICTIONS
       access returns an error if any of the access types in  the
       requested  call  fails,  even if other types might be suc-
       cessful.

       access may not work correctly on NFS file systems with UID
       mapping enabled, because UID mapping is done on the server
       and hidden from the client, which checks permissions.

       Using access to check if a user is authorized to e.g. open
       a  file  before  actually doing so using open(2) creates a
       security hole, because the user might  exploit  the  short
       time  interval  between  checking  and opening the file to
       manipulate it.

CONFORMING TO
       SVID, AT&T, POSIX, X/OPEN, BSD 4.3

SEE ALSO
       stat(2),  open(2),  chmod(2),  chown(2),  setuid(2),  set-
       gid(2).

Linux                    January 13, 1998                       1