.\" -*- nroff -*-
.\" -*- nroff -*-
.\"
.\" Copyright (c) 1996 Doug Rabson
.\"
.\" All rights reserved.
.\"
.\" This program is free software.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd July 24, 1996
.Os
.Dt VOP_ACCESS 9
.Sh NAME
.Nm VOP_ACCESS
.Nd check access permissions of a file or Unix domain socket
.Sh SYNOPSIS
.Fd #include <sys/param.h>
.Fd #include <sys/vnode.h>
.Ft int
.Fn VOP_ACCESS "struct vnode *vp" "int mode" "struct ucred *cred" "struct proc *p"
.Sh DESCRIPTION
This entry point checks the access permissions of the file against the
given credentials.
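.Pp
Its arguments are:
.Bl -tag -width mode
.It Ar vp
the vnode of the file to check
.It Ar mode
the type of access required
.It Ar cred
the user credentials to check
.It Ar p
the process which is checking
.El
.Pp
The
.Fa mode
is a mask which can contain
.Dv VREAD ,
.Dv VWRITE
or
.Dv VEXEC .
.Sh LOCKS
The vnode should be locked on entry.
.Sh RETURN VALUES
If the file is accessible in the specified way, then zero is returned,
otherwise an appropriate error code is returned.
.Sh PSEUDOCODE
.Bd -literal
/*
 * Decide whether cred may access vp in every way requested by mode.
 * Returns 0 when access is granted, otherwise EROFS, EPERM or EACCES.
 *
 * The order of the checks is the policy:
 *   1. read-only file system (write requests only),
 *   2. immutable bit (write requests only),
 *   3. user id 0,
 *   4. owner permission bits,
 *   5. group permission bits,
 *   6. permission bits for everyone else.
 * Exactly one of the classes in steps 4-6 is consulted; the first
 * class that matches the credentials decides the result.
 */
int
vop_access(struct vnode *vp, int mode, struct ucred *cred, struct proc *p)
{
	mode_t mask;
	gid_t *gp;
	int i;

	/*
	 * Disallow write attempts on read-only file systems;
	 * unless the file is a socket, fifo, or a block or
	 * character device resident on the file system.
	 */
	if (mode & VWRITE) {
		switch (vp->v_type) {
		case VDIR:
		case VLNK:
		case VREG:
			if (vp->v_mount->mnt_flag & MNT_RDONLY)
				return EROFS;

			break;
		}
	}

	/*
	 * If immutable bit set, nobody gets to write it.
	 * This is tested before the user id 0 check below, so it
	 * applies to user id 0 as well.
	 */
	if ((mode & VWRITE) && vp has immutable bit set)
		return EPERM;

	/*
	 * Otherwise, user id 0 always gets access.
	 * The permission bits of vp are not consulted on this path,
	 * whichever of VREAD, VWRITE and VEXEC was requested.
	 */
	if (cred->cr_uid == 0)
		return 0;

	mask = 0;

	/*
	 * Otherwise, check the owner.
	 * Only the owner bits are consulted for the owner: there is no
	 * fall-through to the group or other bits when they would
	 * grant more.  Every requested bit must be present.
	 */
	if (cred->cr_uid == owner of vp) {
		if (mode & VEXEC)
			mask |= S_IXUSR;
		if (mode & VREAD)
			mask |= S_IRUSR;
		if (mode & VWRITE)
			mask |= S_IWUSR;
		return (((mode of vp) & mask) == mask ? 0 : EACCES);
	}

	/*
	 * Otherwise, check the groups.
	 * A match on any group in the credentials makes the group bits
	 * decisive; the other bits are not tried afterwards.
	 */
	for (i = 0, gp = cred->cr_groups; i < cred->cr_ngroups; i++, gp++) {
		if (group of vp == *gp) {
			if (mode & VEXEC)
				mask |= S_IXGRP;
			if (mode & VREAD)
				mask |= S_IRGRP;
			if (mode & VWRITE)
				mask |= S_IWGRP;
			return (((mode of vp) & mask) == mask ? 0 : EACCES);
		}
	}

	/* Otherwise, check everyone else. */
	if (mode & VEXEC)
		mask |= S_IXOTH;
	if (mode & VREAD)
		mask |= S_IROTH;
	if (mode & VWRITE)
		mask |= S_IWOTH;
	return (((mode of vp) & mask) == mask ? 0 : EACCES);
}
.Ed
.Sh ERRORS
.Bl -tag -width Er
.It Bq Er EROFS
An attempt was made to write to a directory, symbolic link or regular
file on a file system mounted read-only
.It Bq Er EPERM
An attempt was made to change an immutable file
.It Bq Er EACCES
Permission denied
.El
.Sh SEE ALSO
.Xr vnode 9
.Sh AUTHORS
This man page was written by
.An Doug Rabson .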