xref: /freebsd/share/man/man9/VOP_ACCESS.9 (revision a8445737e740901f5f2c8d24c12ef7fc8b00134e)
1.\" -*- nroff -*-
2.\" -*- nroff -*-
3.\"
4.\" Copyright (c) 1996 Doug Rabson
5.\"
6.\" All rights reserved.
7.\"
8.\" This program is free software.
9.\"
10.\" Redistribution and use in source and binary forms, with or without
11.\" modification, are permitted provided that the following conditions
12.\" are met:
13.\" 1. Redistributions of source code must retain the above copyright
14.\"    notice, this list of conditions and the following disclaimer.
15.\" 2. Redistributions in binary form must reproduce the above copyright
16.\"    notice, this list of conditions and the following disclaimer in the
17.\"    documentation and/or other materials provided with the distribution.
18.\"
19.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
20.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
23.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29.\"
30.\" $Id: VOP_ACCESS.9,v 1.4 1997/04/13 14:48:48 bde Exp $
31.\"
32.Dd July 24, 1996
33.Os
34.Dt VOP_ACCESS 9
35.Sh NAME
36.Nm VOP_ACCESS
37.Nd check access permissions of a file or Unix domain socket
38.Sh SYNOPSIS
39.Fd #include <sys/param.h>
40.Fd #include <sys/vnode.h>
41.Ft int
42.Fn VOP_ACCESS "struct vnode *vp" "int mode" "struct ucred *cred" "struct proc *p"
43.Sh DESCRIPTION
44This entry point checks the access permissions of the file against the
45given credentials.
46.Pp
47Its arguments are:
48.Bl -tag -width mode
49.It Ar vp
50the vnode of the file to check
51.It Ar mode
52the type of access required
53.It Ar cred
54the user credentials to check
55.It Ar p
56the process which is checking
57.El
58.Pp
59The
60.Fa mode
61is a mask which can contain
62.Dv VREAD ,
63.Dv VWRITE No or
64.Dv VEXEC .
65.Sh LOCKS
66The vnode should be locked on entry.
67.Sh RETURN VALUES
68If the file is accessible in the specified way, then zero is returned,
69otherwise an appropriate error code is returned; the pseudocode below returns EROFS, EPERM or EACCES.
70.Sh PSEUDOCODE
71.Bd -literal
72int
73vop_access(struct vnode *vp, int mode, struct ucred *cred, struct proc *p)
74{
75    int error; /* NOTE(review): never used below; mask, i and gp are used without a declaration */
76    /* Checks run in this order: read-only file system, immutable flag, uid 0, owner, groups, other; 0 means access is granted. */
77    /*
78     * Disallow write attempts on read-only file systems;
79     * unless the file is a socket, fifo, or a block or
80     * character device resident on the file system.
81     */
82    if (mode & VWRITE) {
83	switch (vp->v_type) {
84	case VDIR:
85	case VLNK:
86	case VREG:
87	    if (vp->v_mount->mnt_flag & MNT_RDONLY)
88		return EROFS;
89
90	    break;
91	}
92    }
93
94    /* If immutable bit set, nobody gets to write it; this test precedes the uid 0 test, so it applies to uid 0 as well. */
95    if ((mode & VWRITE) && vp has immutable bit set)
96	return EPERM;
97
98    /* Otherwise, user id 0 always gets access: every requested mode is granted and the permission bits are not consulted. */
99    if (cred->cr_uid == 0)
100	return 0;
101
102    mask = 0; /* collects the S_I* bits that the requested mode needs; all of them must be set in the file mode */
103
104    /* Otherwise, check the owner. The owner bits alone decide: a denial here is final, group and other bits are not tried. */
105    if (cred->cr_uid == owner of vp) {
106	if (mode & VEXEC)
107	    mask |= S_IXUSR;
108	if (mode & VREAD)
109	    mask |= S_IRUSR;
110	if (mode & VWRITE)
111	    mask |= S_IWUSR;
112	return (((mode of vp) & mask) == mask ? 0 : EACCES);
113    }
114
115    /* Otherwise, check the groups. The first entry of cr_groups equal to the file's group decides; other bits are not tried after a match. */
116    for (i = 0, gp = cred->cr_groups; i < cred->cr_ngroups; i++, gp++)
117	if (group of vp == *gp) {
118	    if (mode & VEXEC)
119		mask |= S_IXGRP;
120	    if (mode & VREAD)
121		mask |= S_IRGRP;
122	    if (mode & VWRITE)
123		mask |= S_IWGRP;
124	    return (((mode of vp) & mask) == mask ? 0 : EACCES);
125	}
126
127    /* Otherwise, check everyone else; reached only when neither the owner nor any group matched. */
128    if (mode & VEXEC)
129	mask |= S_IXOTH;
130    if (mode & VREAD)
131	mask |= S_IROTH;
132    if (mode & VWRITE)
133	mask |= S_IWOTH;
134    return (((mode of vp) & mask) == mask ? 0 : EACCES);
135}
136.Ed
137.Sh ERRORS
138.Bl -tag -width Er
139.It Bq Er EPERM
140An attempt was made to change an immutable file
141.It Bq Er EACCES
142Permission denied
143.El
144.Sh SEE ALSO
145.Xr vnode 9
146.Sh AUTHORS
147This man page was written by
148.An Doug Rabson .
149