The GNU C Library - Testing File Access

Go to the first, previous, next, last section, table of contents.

Testing Permission to Access a File

When a program runs as a privileged user, this permits it to access files off-limits to ordinary users--for example, to modify `/etc/passwd'. Programs designed to be run by ordinary users but access such files use the setuid bit feature so that they always run with root as the effective user ID.

Such a program may also access files specified by the user, files which conceptually are being accessed explicitly by the user. Since the program runs as root, it has permission to access whatever file the user specifies--but usually the desired behavior is to permit only those files which the user could ordinarily access.

The program therefore must explicitly check whether the user would have the necessary access to a file, before it reads or writes the file.

To do this, use the function access, which checks for access permission based on the process's real user ID rather than the effective user ID. (The setuid feature does not alter the real user ID, so it reflects the user who actually ran the program.)

There is another way you could check this access, which is easy to describe, but very hard to use. This is to examine the file mode bits and mimic the system's own access computation. This method is undesirable because many systems have additional access control features; your program cannot portably mimic them, and you would not want to try to keep track of the diverse features that different systems have. Using access is simple and automatically does whatever is appropriate for the system you are using.

access is only only appropriate to use in setuid programs. A non-setuid program will always use the effective ID rather than the real ID.

The symbols in this section are declared in `unistd.h'.

Function: int access (const char *filename, int how)

The access function checks to see whether the file named by filename can be accessed in the way specified by the how argument. The how argument either can be the bitwise OR of the flags R_OK, W_OK, X_OK, or the existence test F_OK.

This function uses the real user and group ID's of the calling process, rather than the effective ID's, to check for access permission. As a result, if you use the function from a setuid or setgid program (see section How an Application Can Change Persona), it gives information relative to the user who actually ran the program.

The return value is 0 if the access is permitted, and -1 otherwise. (In other words, treated as a predicate function, access returns true if the requested access is denied.)

In addition to the usual file name errors (see section File Name Errors), the following errno error conditions are defined for this function:

EACCES: The access specified by how is denied.
ENOENT: The file doesn't exist.
EROFS: Write permission was requested for a file on a read-only file system.

These macros are defined in the header file `unistd.h' for use as the how argument to the access function. The values are integer constants.

Macro: int R_OK: Argument that means, test for read permission.

Macro: int W_OK: Argument that means, test for write permission.

Macro: int X_OK: Argument that means, test for execute/search permission.

Macro: int F_OK: Argument that means, test for existence of the file.

Go to the first, previous, next, last section, table of contents.