1fab63cc4SDoug Rabson.\" -*- nroff -*- 2fab63cc4SDoug Rabson.\" -*- nroff -*- 3fab63cc4SDoug Rabson.\" 4fab63cc4SDoug Rabson.\" Copyright (c) 1996 Doug Rabson 5fab63cc4SDoug Rabson.\" 6fab63cc4SDoug Rabson.\" All rights reserved. 7fab63cc4SDoug Rabson.\" 8fab63cc4SDoug Rabson.\" This program is free software. 9fab63cc4SDoug Rabson.\" 10fab63cc4SDoug Rabson.\" Redistribution and use in source and binary forms, with or without 11fab63cc4SDoug Rabson.\" modification, are permitted provided that the following conditions 12fab63cc4SDoug Rabson.\" are met: 13fab63cc4SDoug Rabson.\" 1. Redistributions of source code must retain the above copyright 14fab63cc4SDoug Rabson.\" notice, this list of conditions and the following disclaimer. 15fab63cc4SDoug Rabson.\" 2. Redistributions in binary form must reproduce the above copyright 16fab63cc4SDoug Rabson.\" notice, this list of conditions and the following disclaimer in the 17fab63cc4SDoug Rabson.\" documentation and/or other materials provided with the distribution. 18fab63cc4SDoug Rabson.\" 19fab63cc4SDoug Rabson.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR 20fab63cc4SDoug Rabson.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 21fab63cc4SDoug Rabson.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
22fab63cc4SDoug Rabson.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, 23fab63cc4SDoug Rabson.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 24fab63cc4SDoug Rabson.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25fab63cc4SDoug Rabson.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26fab63cc4SDoug Rabson.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27fab63cc4SDoug Rabson.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 28fab63cc4SDoug Rabson.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29fab63cc4SDoug Rabson.\" 30eaa8b244SMike Pritchard.\" $Id: VOP_ACCESS.9,v 1.2 1997/03/04 06:20:41 mpp Exp $ 31fab63cc4SDoug Rabson.\" 32fab63cc4SDoug Rabson.Dd July 24, 1996 33fab63cc4SDoug Rabson.Os 34fab63cc4SDoug Rabson.Dt VOP_ACCESS 9 35fab63cc4SDoug Rabson.Sh NAME 36fab63cc4SDoug Rabson.Nm VOP_ACCESS 373a9c9c6eSMike Pritchard.Nd check access permissions of a file or Unix domain socket 38fab63cc4SDoug Rabson.Sh SYNOPSIS 39fab63cc4SDoug Rabson.Fd #include <sys/vnode.h> 40fab63cc4SDoug Rabson.Ft int 41fab63cc4SDoug Rabson.Fn VOP_ACCESS "struct vnode *vp" "int mode" "struct ucred *cred" "struct proc *p" 42fab63cc4SDoug Rabson.Sh DESCRIPTION 43fab63cc4SDoug RabsonThis entry point checks the access permissions of the file against the 44fab63cc4SDoug Rabsongiven credentials. 
45fab63cc4SDoug Rabson.Pp 46fab63cc4SDoug RabsonIts arguments are: 47fab63cc4SDoug Rabson.Bl -tag -width mode 48fab63cc4SDoug Rabson.It Ar vp 49fab63cc4SDoug Rabsonthe vnode of the file to check 50fab63cc4SDoug Rabson.It Ar mode 51fab63cc4SDoug Rabsonthe type of access required 52fab63cc4SDoug Rabson.It Ar cred 53fab63cc4SDoug Rabsonthe user credentials to check 54fab63cc4SDoug Rabson.It Ar p 55fab63cc4SDoug Rabsonthe process which is checking 56fab63cc4SDoug Rabson.El 57fab63cc4SDoug Rabson.Pp 58fab63cc4SDoug RabsonThe 59fab63cc4SDoug Rabson.Fa mode 60fab63cc4SDoug Rabsonis a mask which can contain 61fab63cc4SDoug Rabson.Dv VREAD , 62fab63cc4SDoug Rabson.Dv VWRITE or 63fab63cc4SDoug Rabson.Dv VEXEC. 64fab63cc4SDoug Rabson.Sh LOCKS 65fab63cc4SDoug RabsonThe vnode should be locked on entry. 66fab63cc4SDoug Rabson.Sh RETURN VALUES 673a9c9c6eSMike PritchardIf the file is accessible in the specified way, then zero is returned, 68fab63cc4SDoug Rabsonotherwise an appropriate error code is returned. 69fab63cc4SDoug Rabson.Sh PSEUDOCODE 70fab63cc4SDoug Rabson.Bd -literal 71fab63cc4SDoug Rabsonint 72fab63cc4SDoug Rabsonvop_access(struct vnode *vp, int mode, struct ucred *cred, struct proc *p) 73fab63cc4SDoug Rabson{ 74fab63cc4SDoug Rabson int error; 75fab63cc4SDoug Rabson 76fab63cc4SDoug Rabson /* 77fab63cc4SDoug Rabson * Disallow write attempts on read-only file systems; 78fab63cc4SDoug Rabson * unless the file is a socket, fifo, or a block or 79fab63cc4SDoug Rabson * character device resident on the file system. 
80fab63cc4SDoug Rabson */ 81fab63cc4SDoug Rabson if (mode & VWRITE) { 82fab63cc4SDoug Rabson switch (vp->v_type) { 83fab63cc4SDoug Rabson case VDIR: 84fab63cc4SDoug Rabson case VLNK: 85fab63cc4SDoug Rabson case VREG: 86fab63cc4SDoug Rabson if (vp->v_mount->mnt_flag & MNT_RDONLY) 87fab63cc4SDoug Rabson return EROFS; 88fab63cc4SDoug Rabson 89fab63cc4SDoug Rabson break; 90fab63cc4SDoug Rabson } 91fab63cc4SDoug Rabson } 92fab63cc4SDoug Rabson 93fab63cc4SDoug Rabson /* If immutable bit set, nobody gets to write it. */ 94fab63cc4SDoug Rabson if ((mode & VWRITE) && vp has immutable bit set) 95fab63cc4SDoug Rabson return EPERM; 96fab63cc4SDoug Rabson 97fab63cc4SDoug Rabson /* Otherwise, user id 0 always gets access. */ 98fab63cc4SDoug Rabson if (cred->cr_uid == 0) 99fab63cc4SDoug Rabson return 0; 100fab63cc4SDoug Rabson 101fab63cc4SDoug Rabson mask = 0; 102fab63cc4SDoug Rabson 103fab63cc4SDoug Rabson /* Otherwise, check the owner. */ 104fab63cc4SDoug Rabson if (cred->cr_uid == owner of vp) { 105fab63cc4SDoug Rabson if (mode & VEXEC) 106fab63cc4SDoug Rabson mask |= S_IXUSR; 107fab63cc4SDoug Rabson if (mode & VREAD) 108fab63cc4SDoug Rabson mask |= S_IRUSR; 109fab63cc4SDoug Rabson if (mode & VWRITE) 110fab63cc4SDoug Rabson mask |= S_IWUSR; 111fab63cc4SDoug Rabson return (((mode of vp) & mask) == mask ? 0 : EACCES); 112fab63cc4SDoug Rabson } 113fab63cc4SDoug Rabson 114fab63cc4SDoug Rabson /* Otherwise, check the groups. */ 115fab63cc4SDoug Rabson for (i = 0, gp = cred->cr_groups; i < cred->cr_ngroups; i++, gp++) 116fab63cc4SDoug Rabson if (group of vp == *gp) { 117fab63cc4SDoug Rabson if (mode & VEXEC) 118fab63cc4SDoug Rabson mask |= S_IXGRP; 119fab63cc4SDoug Rabson if (mode & VREAD) 120fab63cc4SDoug Rabson mask |= S_IRGRP; 121fab63cc4SDoug Rabson if (mode & VWRITE) 122fab63cc4SDoug Rabson mask |= S_IWGRP; 123fab63cc4SDoug Rabson return (((mode of vp) & mask) == mask ? 
0 : EACCES); 124fab63cc4SDoug Rabson } 125fab63cc4SDoug Rabson 126fab63cc4SDoug Rabson /* Otherwise, check everyone else. */ 127fab63cc4SDoug Rabson if (mode & VEXEC) 128fab63cc4SDoug Rabson mask |= S_IXOTH; 129fab63cc4SDoug Rabson if (mode & VREAD) 130fab63cc4SDoug Rabson mask |= S_IROTH; 131fab63cc4SDoug Rabson if (mode & VWRITE) 132fab63cc4SDoug Rabson mask |= S_IWOTH; 133fab63cc4SDoug Rabson return (((mode of vp) & mask) == mask ? 0 : EACCES); 134fab63cc4SDoug Rabson} 135fab63cc4SDoug Rabson.Ed 136fab63cc4SDoug Rabson.Sh ERRORS 137eaa8b244SMike Pritchard.Bl -tag -width Er 138fab63cc4SDoug Rabson.It Bq Er EPERM 139fab63cc4SDoug RabsonAn attempt was made to change an immutable file 140fab63cc4SDoug Rabson.It Bq Er EACCES 141fab63cc4SDoug RabsonPermission denied .It Bq Er EROFS Write access was requested for a directory, symbolic link or regular file on a read-only file system (see the first check in the pseudocode above) 142fab63cc4SDoug Rabson.El 143fab63cc4SDoug Rabson.Sh SEE ALSO 144fab63cc4SDoug Rabson.Xr vnode 9 145fab63cc4SDoug Rabson.Sh AUTHORS 146fab63cc4SDoug RabsonThis man page was written by Doug Rabson. 147