1fab63cc4SDoug Rabson.\" -*- nroff -*- 2fab63cc4SDoug Rabson.\" -*- nroff -*- 3fab63cc4SDoug Rabson.\" 4fab63cc4SDoug Rabson.\" Copyright (c) 1996 Doug Rabson 5fab63cc4SDoug Rabson.\" 6fab63cc4SDoug Rabson.\" All rights reserved. 7fab63cc4SDoug Rabson.\" 8fab63cc4SDoug Rabson.\" This program is free software. 9fab63cc4SDoug Rabson.\" 10fab63cc4SDoug Rabson.\" Redistribution and use in source and binary forms, with or without 11fab63cc4SDoug Rabson.\" modification, are permitted provided that the following conditions 12fab63cc4SDoug Rabson.\" are met: 13fab63cc4SDoug Rabson.\" 1. Redistributions of source code must retain the above copyright 14fab63cc4SDoug Rabson.\" notice, this list of conditions and the following disclaimer. 15fab63cc4SDoug Rabson.\" 2. Redistributions in binary form must reproduce the above copyright 16fab63cc4SDoug Rabson.\" notice, this list of conditions and the following disclaimer in the 17fab63cc4SDoug Rabson.\" documentation and/or other materials provided with the distribution. 18fab63cc4SDoug Rabson.\" 19fab63cc4SDoug Rabson.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR 20fab63cc4SDoug Rabson.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 21fab63cc4SDoug Rabson.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
22fab63cc4SDoug Rabson.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, 23fab63cc4SDoug Rabson.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 24fab63cc4SDoug Rabson.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25fab63cc4SDoug Rabson.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26fab63cc4SDoug Rabson.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27fab63cc4SDoug Rabson.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 28fab63cc4SDoug Rabson.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29fab63cc4SDoug Rabson.\" 307f3dea24SPeter Wemm.\" $FreeBSD$ 31fab63cc4SDoug Rabson.\" 32fab63cc4SDoug Rabson.Dd July 24, 1996 33fab63cc4SDoug Rabson.Os 34fab63cc4SDoug Rabson.Dt VOP_ACCESS 9 35fab63cc4SDoug Rabson.Sh NAME 36fab63cc4SDoug Rabson.Nm VOP_ACCESS 37f167d7fbSSheldon Hearn.Nd "check access permissions of a file or Unix domain socket" 38fab63cc4SDoug Rabson.Sh SYNOPSIS 3932eef9aeSRuslan Ermilov.In sys/param.h 4032eef9aeSRuslan Ermilov.In sys/vnode.h 41fab63cc4SDoug Rabson.Ft int 42be8989d5SAndrew R. Reiter.Fn VOP_ACCESS "struct vnode *vp" "int mode" "struct ucred *cred" "struct thread *td" 43fab63cc4SDoug Rabson.Sh DESCRIPTION 44fab63cc4SDoug RabsonThis entry point checks the access permissions of the file against the 45fab63cc4SDoug Rabsongiven credentials. 46fab63cc4SDoug Rabson.Pp 47fab63cc4SDoug RabsonIts arguments are: 48fab63cc4SDoug Rabson.Bl -tag -width mode 49fab63cc4SDoug Rabson.It Ar vp 50fab63cc4SDoug Rabsonthe vnode of the file to check 51fab63cc4SDoug Rabson.It Ar mode 52fab63cc4SDoug Rabsonthe type of access required 53fab63cc4SDoug Rabson.It Ar cred 54fab63cc4SDoug Rabsonthe user credentials to check 55be8989d5SAndrew R. Reiter.It Ar td 56be8989d5SAndrew R. 
Reiterthe thread which is checking 57fab63cc4SDoug Rabson.El 58fab63cc4SDoug Rabson.Pp 59fab63cc4SDoug RabsonThe 60fab63cc4SDoug Rabson.Fa mode 61fab63cc4SDoug Rabsonis a mask which can contain 62fab63cc4SDoug Rabson.Dv VREAD , 63d0353b83SRuslan Ermilov.Dv VWRITE 64d0353b83SRuslan Ermilovor 65fab63cc4SDoug Rabson.Dv VEXEC . 66fab63cc4SDoug Rabson.Sh LOCKS 67fb3fd476SMatthew DillonThe vnode will be locked on entry and should remain locked on return. 68fab63cc4SDoug Rabson.Sh RETURN VALUES 693a9c9c6eSMike PritchardIf the file is accessible in the specified way, then zero is returned, 70fab63cc4SDoug Rabsonotherwise an appropriate error code is returned. 71fab63cc4SDoug Rabson.Sh PSEUDOCODE 72fab63cc4SDoug Rabson.Bd -literal 73fab63cc4SDoug Rabsonint 74be8989d5SAndrew R. Reitervop_access(struct vnode *vp, int mode, struct ucred *cred, struct thread *td) 75fab63cc4SDoug Rabson{ 76fab63cc4SDoug Rabson int error; 77fab63cc4SDoug Rabson 78fab63cc4SDoug Rabson /* 79fab63cc4SDoug Rabson * Disallow write attempts on read-only filesystems; 80fab63cc4SDoug Rabson * unless the file is a socket, fifo, or a block or 81fab63cc4SDoug Rabson * character device resident on the filesystem. 82fab63cc4SDoug Rabson */ 83fab63cc4SDoug Rabson if (mode & VWRITE) { 84fab63cc4SDoug Rabson switch (vp->v_type) { 85fab63cc4SDoug Rabson case VDIR: 86fab63cc4SDoug Rabson case VLNK: 87fab63cc4SDoug Rabson case VREG: 88fab63cc4SDoug Rabson if (vp->v_mount->mnt_flag & MNT_RDONLY) 89fab63cc4SDoug Rabson return EROFS; 90fab63cc4SDoug Rabson 91fab63cc4SDoug Rabson break; 92fab63cc4SDoug Rabson } 93fab63cc4SDoug Rabson } 94fab63cc4SDoug Rabson 95fab63cc4SDoug Rabson /* If immutable bit set, nobody gets to write it. */ 96fab63cc4SDoug Rabson if ((mode & VWRITE) && vp has immutable bit set) 97fab63cc4SDoug Rabson return EPERM; 98fab63cc4SDoug Rabson 99fab63cc4SDoug Rabson /* Otherwise, user id 0 always gets access. 
*/ 100fab63cc4SDoug Rabson if (cred->cr_uid == 0) 101fab63cc4SDoug Rabson return 0; 102fab63cc4SDoug Rabson 103fab63cc4SDoug Rabson mask = 0; 104fab63cc4SDoug Rabson 105fab63cc4SDoug Rabson /* Otherwise, check the owner. */ 106fab63cc4SDoug Rabson if (cred->cr_uid == owner of vp) { 107fab63cc4SDoug Rabson if (mode & VEXEC) 108fab63cc4SDoug Rabson mask |= S_IXUSR; 109fab63cc4SDoug Rabson if (mode & VREAD) 110fab63cc4SDoug Rabson mask |= S_IRUSR; 111fab63cc4SDoug Rabson if (mode & VWRITE) 112fab63cc4SDoug Rabson mask |= S_IWUSR; 113fab63cc4SDoug Rabson return (((mode of vp) & mask) == mask ? 0 : EACCES); 114fab63cc4SDoug Rabson } 115fab63cc4SDoug Rabson 116fab63cc4SDoug Rabson /* Otherwise, check the groups. */ 117fab63cc4SDoug Rabson for (i = 0, gp = cred->cr_groups; i < cred->cr_ngroups; i++, gp++) 118fab63cc4SDoug Rabson if (group of vp == *gp) { 119fab63cc4SDoug Rabson if (mode & VEXEC) 120fab63cc4SDoug Rabson mask |= S_IXGRP; 121fab63cc4SDoug Rabson if (mode & VREAD) 122fab63cc4SDoug Rabson mask |= S_IRGRP; 123fab63cc4SDoug Rabson if (mode & VWRITE) 124fab63cc4SDoug Rabson mask |= S_IWGRP; 125fab63cc4SDoug Rabson return (((mode of vp) & mask) == mask ? 0 : EACCES); 126fab63cc4SDoug Rabson } 127fab63cc4SDoug Rabson 128fab63cc4SDoug Rabson /* Otherwise, check everyone else. */ 129fab63cc4SDoug Rabson if (mode & VEXEC) 130fab63cc4SDoug Rabson mask |= S_IXOTH; 131fab63cc4SDoug Rabson if (mode & VREAD) 132fab63cc4SDoug Rabson mask |= S_IROTH; 133fab63cc4SDoug Rabson if (mode & VWRITE) 134fab63cc4SDoug Rabson mask |= S_IWOTH; 135fab63cc4SDoug Rabson return (((mode of vp) & mask) == mask ? 0 : EACCES); 136fab63cc4SDoug Rabson} 137fab63cc4SDoug Rabson.Ed 138fab63cc4SDoug Rabson.Sh ERRORS 139eaa8b244SMike Pritchard.Bl -tag -width Er 140fab63cc4SDoug Rabson.It Bq Er EPERM 141cc258457SDon LewisAn attempt was made to change an immutable file. 
142fab63cc4SDoug Rabson.It Bq Er EACCES 14381f8d226SDon LewisThe permission bits in the file mode or the ACL do not permit the 14481f8d226SDon Lewisrequested access. .It Bq Er EROFS Write access was requested for a directory, symbolic link or regular file on a file system mounted read-only. 145fab63cc4SDoug Rabson.El 146fab63cc4SDoug Rabson.Sh SEE ALSO 14712f96c9bSChris Costello.Xr vaccess 9 , 14812f96c9bSChris Costello.Xr vaccess_acl_posix1e 9 , 149fab63cc4SDoug Rabson.Xr vnode 9 150fab63cc4SDoug Rabson.Sh AUTHORS 151aaf1f16eSPhilippe CharnierThis man page was written by 152aaf1f16eSPhilippe Charnier.An Doug Rabson . 153