xref: /freebsd/share/man/man9/VOP_ACCESS.9 (revision 81f8d226f96dbdbf262f2e492b82705fe2bfa4b7)
1fab63cc4SDoug Rabson.\" -*- nroff -*-
2fab63cc4SDoug Rabson.\" -*- nroff -*-
3fab63cc4SDoug Rabson.\"
4fab63cc4SDoug Rabson.\" Copyright (c) 1996 Doug Rabson
5fab63cc4SDoug Rabson.\"
6fab63cc4SDoug Rabson.\" All rights reserved.
7fab63cc4SDoug Rabson.\"
8fab63cc4SDoug Rabson.\" This program is free software.
9fab63cc4SDoug Rabson.\"
10fab63cc4SDoug Rabson.\" Redistribution and use in source and binary forms, with or without
11fab63cc4SDoug Rabson.\" modification, are permitted provided that the following conditions
12fab63cc4SDoug Rabson.\" are met:
13fab63cc4SDoug Rabson.\" 1. Redistributions of source code must retain the above copyright
14fab63cc4SDoug Rabson.\"    notice, this list of conditions and the following disclaimer.
15fab63cc4SDoug Rabson.\" 2. Redistributions in binary form must reproduce the above copyright
16fab63cc4SDoug Rabson.\"    notice, this list of conditions and the following disclaimer in the
17fab63cc4SDoug Rabson.\"    documentation and/or other materials provided with the distribution.
18fab63cc4SDoug Rabson.\"
19fab63cc4SDoug Rabson.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
20fab63cc4SDoug Rabson.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21fab63cc4SDoug Rabson.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22fab63cc4SDoug Rabson.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
23fab63cc4SDoug Rabson.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24fab63cc4SDoug Rabson.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25fab63cc4SDoug Rabson.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26fab63cc4SDoug Rabson.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27fab63cc4SDoug Rabson.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28fab63cc4SDoug Rabson.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29fab63cc4SDoug Rabson.\"
307f3dea24SPeter Wemm.\" $FreeBSD$
31fab63cc4SDoug Rabson.\"
32fab63cc4SDoug Rabson.Dd July 24, 1996
33fab63cc4SDoug Rabson.Os
34fab63cc4SDoug Rabson.Dt VOP_ACCESS 9
35fab63cc4SDoug Rabson.Sh NAME
36fab63cc4SDoug Rabson.Nm VOP_ACCESS
37f167d7fbSSheldon Hearn.Nd "check access permissions of a file or Unix domain socket"
38fab63cc4SDoug Rabson.Sh SYNOPSIS
3932eef9aeSRuslan Ermilov.In sys/param.h
4032eef9aeSRuslan Ermilov.In sys/vnode.h
41fab63cc4SDoug Rabson.Ft int
42be8989d5SAndrew R. Reiter.Fn VOP_ACCESS "struct vnode *vp" "int mode" "struct ucred *cred" "struct thread *td"
43fab63cc4SDoug Rabson.Sh DESCRIPTION
44fab63cc4SDoug RabsonThis entry point checks the access permissions of the file against the
45fab63cc4SDoug Rabsongiven credentials.
46fab63cc4SDoug Rabson.Pp
47fab63cc4SDoug RabsonIts arguments are:
48fab63cc4SDoug Rabson.Bl -tag -width mode
49fab63cc4SDoug Rabson.It Ar vp
50fab63cc4SDoug Rabsonthe vnode of the file to check
51fab63cc4SDoug Rabson.It Ar mode
52fab63cc4SDoug Rabsonthe type of access required
53fab63cc4SDoug Rabson.It Ar cred
54fab63cc4SDoug Rabsonthe user credentials to check
55be8989d5SAndrew R. Reiter.It Ar td
56be8989d5SAndrew R. Reiterthe thread which is checking
57fab63cc4SDoug Rabson.El
58fab63cc4SDoug Rabson.Pp
59fab63cc4SDoug RabsonThe
60fab63cc4SDoug Rabson.Fa mode
61fab63cc4SDoug Rabsonis a mask which can contain
62fab63cc4SDoug Rabson.Dv VREAD ,
63d0353b83SRuslan Ermilov.Dv VWRITE
64d0353b83SRuslan Ermilovor
65fab63cc4SDoug Rabson.Dv VEXEC .
66fab63cc4SDoug Rabson.Sh LOCKS
67fb3fd476SMatthew DillonThe vnode will be locked on entry and should remain locked on return.
68fab63cc4SDoug Rabson.Sh RETURN VALUES
693a9c9c6eSMike PritchardIf the file is accessible in the specified way, then zero is returned,
70fab63cc4SDoug Rabsonotherwise an appropriate error code is returned.
71fab63cc4SDoug Rabson.Sh PSEUDOCODE
72fab63cc4SDoug Rabson.Bd -literal
73fab63cc4SDoug Rabsonint
74be8989d5SAndrew R. Reitervop_access(struct vnode *vp, int mode, struct ucred *cred, struct thread *td)
75fab63cc4SDoug Rabson{
76fab63cc4SDoug Rabson    int error;
77fab63cc4SDoug Rabson
78fab63cc4SDoug Rabson    /*
79fab63cc4SDoug Rabson     * Disallow write attempts on read-only filesystems;
80fab63cc4SDoug Rabson     * unless the file is a socket, fifo, or a block or
81fab63cc4SDoug Rabson     * character device resident on the filesystem.
82fab63cc4SDoug Rabson     */
83fab63cc4SDoug Rabson    if (mode & VWRITE) {
84fab63cc4SDoug Rabson	switch (vp->v_type) {
85fab63cc4SDoug Rabson	case VDIR:
86fab63cc4SDoug Rabson	case VLNK:
87fab63cc4SDoug Rabson	case VREG:
88fab63cc4SDoug Rabson	    if (vp->v_mount->mnt_flag & MNT_RDONLY)
89fab63cc4SDoug Rabson		return EROFS;
90fab63cc4SDoug Rabson
91fab63cc4SDoug Rabson	    break;
92fab63cc4SDoug Rabson	}
93fab63cc4SDoug Rabson    }
94fab63cc4SDoug Rabson
95fab63cc4SDoug Rabson    /* If immutable bit set, nobody gets to write it. */
96fab63cc4SDoug Rabson    if ((mode & VWRITE) && vp has immutable bit set)
97fab63cc4SDoug Rabson	return EPERM;
98fab63cc4SDoug Rabson
99fab63cc4SDoug Rabson    /* Otherwise, user id 0 always gets access. */
100fab63cc4SDoug Rabson    if (cred->cr_uid == 0)
101fab63cc4SDoug Rabson	return 0;
102fab63cc4SDoug Rabson
103fab63cc4SDoug Rabson    mask = 0;
104fab63cc4SDoug Rabson
105fab63cc4SDoug Rabson    /* Otherwise, check the owner. */
106fab63cc4SDoug Rabson    if (cred->cr_uid == owner of vp) {
107fab63cc4SDoug Rabson	if (mode & VEXEC)
108fab63cc4SDoug Rabson	    mask |= S_IXUSR;
109fab63cc4SDoug Rabson	if (mode & VREAD)
110fab63cc4SDoug Rabson	    mask |= S_IRUSR;
111fab63cc4SDoug Rabson	if (mode & VWRITE)
112fab63cc4SDoug Rabson	    mask |= S_IWUSR;
113fab63cc4SDoug Rabson	return (((mode of vp) & mask) == mask ? 0 : EACCES);
114fab63cc4SDoug Rabson    }
115fab63cc4SDoug Rabson
116fab63cc4SDoug Rabson    /* Otherwise, check the groups. */
117fab63cc4SDoug Rabson    for (i = 0, gp = cred->cr_groups; i < cred->cr_ngroups; i++, gp++)
118fab63cc4SDoug Rabson	if (group of vp == *gp) {
119fab63cc4SDoug Rabson	    if (mode & VEXEC)
120fab63cc4SDoug Rabson		mask |= S_IXGRP;
121fab63cc4SDoug Rabson	    if (mode & VREAD)
122fab63cc4SDoug Rabson		mask |= S_IRGRP;
123fab63cc4SDoug Rabson	    if (mode & VWRITE)
124fab63cc4SDoug Rabson		mask |= S_IWGRP;
125fab63cc4SDoug Rabson	    return (((mode of vp) & mask) == mask ? 0 : EACCES);
126fab63cc4SDoug Rabson	}
127fab63cc4SDoug Rabson
128fab63cc4SDoug Rabson    /* Otherwise, check everyone else. */
129fab63cc4SDoug Rabson    if (mode & VEXEC)
130fab63cc4SDoug Rabson	mask |= S_IXOTH;
131fab63cc4SDoug Rabson    if (mode & VREAD)
132fab63cc4SDoug Rabson	mask |= S_IROTH;
133fab63cc4SDoug Rabson    if (mode & VWRITE)
134fab63cc4SDoug Rabson	mask |= S_IWOTH;
135fab63cc4SDoug Rabson    return (((mode of vp) & mask) == mask ? 0 : EACCES);
136fab63cc4SDoug Rabson}
137fab63cc4SDoug Rabson.Ed
138fab63cc4SDoug Rabson.Sh ERRORS
139eaa8b244SMike Pritchard.Bl -tag -width Er
140fab63cc4SDoug Rabson.It Bq Er EPERM
141cc258457SDon LewisAn attempt was made to change an immutable file.
142fab63cc4SDoug Rabson.It Bq Er EACCES
14381f8d226SDon LewisThe permission bits the file mode or the ACL do not permit the
14481f8d226SDon Lewisrequested access.
145fab63cc4SDoug Rabson.El
146fab63cc4SDoug Rabson.Sh SEE ALSO
14712f96c9bSChris Costello.Xr vaccess 9 ,
14812f96c9bSChris Costello.Xr vaccess_acl_posix1e 9 ,
149fab63cc4SDoug Rabson.Xr vnode 9
150fab63cc4SDoug Rabson.Sh AUTHORS
151aaf1f16eSPhilippe CharnierThis man page was written by
152aaf1f16eSPhilippe Charnier.An Doug Rabson .
153