.\" -*- nroff -*-
.\" -*- nroff -*-
.\"
.\" Copyright (c) 1996 Doug Rabson
.\"
.\" All rights reserved.
.\"
.\" This program is free software.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $Id: VOP_ACCESS.9,v 1.4 1997/04/13 14:48:48 bde Exp $
.\"
.Dd July 24, 1996
.Os
.Dt VOP_ACCESS 9
.Sh NAME
.Nm VOP_ACCESS
.Nd check access permissions of a file or Unix domain socket
.Sh SYNOPSIS
.Fd #include <sys/param.h>
.Fd #include <sys/vnode.h>
.Ft int
.Fn VOP_ACCESS "struct vnode *vp" "int mode" "struct ucred *cred" "struct proc *p"
.Sh DESCRIPTION
This entry point checks the access permissions of the file against the
given credentials.
.Pp
Its arguments are:
.Bl -tag -width mode
.It Ar vp
the vnode of the file to check
.It Ar mode
the type of access required
.It Ar cred
the user credentials to check
.It Ar p
the process which is checking
.El
.Pp
The
.Fa mode
is a mask which can contain
.Dv VREAD ,
.Dv VWRITE
or
.Dv VEXEC .
.Sh LOCKS
The vnode should be locked on entry.
.Sh RETURN VALUES
If the file is accessible in the specified way, then zero is returned;
otherwise an appropriate error code is returned.
.Sh PSEUDOCODE
.Bd -literal
int
vop_access(struct vnode *vp, int mode, struct ucred *cred, struct proc *p)
{
    int error;

    /*
     * Disallow write attempts on read-only file systems;
     * unless the file is a socket, fifo, or a block or
     * character device resident on the file system.
     */
    if (mode & VWRITE) {
        switch (vp->v_type) {
        case VDIR:
        case VLNK:
        case VREG:
            if (vp->v_mount->mnt_flag & MNT_RDONLY)
                return EROFS;

            break;
        }
    }

    /* If immutable bit set, nobody gets to write it. */
    if ((mode & VWRITE) && vp has immutable bit set)
        return EPERM;

    /* Otherwise, user id 0 always gets access. */
    if (cred->cr_uid == 0)
        return 0;

    mask = 0;

    /* Otherwise, check the owner. */
    if (cred->cr_uid == owner of vp) {
        if (mode & VEXEC)
            mask |= S_IXUSR;
        if (mode & VREAD)
            mask |= S_IRUSR;
        if (mode & VWRITE)
            mask |= S_IWUSR;
        return (((mode of vp) & mask) == mask ? 0 : EACCES);
    }

    /* Otherwise, check the groups. */
    for (i = 0, gp = cred->cr_groups; i < cred->cr_ngroups; i++, gp++)
        if (group of vp == *gp) {
            if (mode & VEXEC)
                mask |= S_IXGRP;
            if (mode & VREAD)
                mask |= S_IRGRP;
            if (mode & VWRITE)
                mask |= S_IWGRP;
            return (((mode of vp) & mask) == mask ? 0 : EACCES);
        }

    /* Otherwise, check everyone else. */
    if (mode & VEXEC)
        mask |= S_IXOTH;
    if (mode & VREAD)
        mask |= S_IROTH;
    if (mode & VWRITE)
        mask |= S_IWOTH;
    return (((mode of vp) & mask) == mask ? 0 : EACCES);
}
.Ed
.Sh ERRORS
.Bl -tag -width Er
.It Bq Er EPERM
An attempt was made to change an immutable file
.It Bq Er EACCES
Permission denied
.It Bq Er EROFS
An attempt was made to write to a regular file, directory or symbolic link
on a file system mounted read-only
.El
.Sh SEE ALSO
.Xr vnode 9
.Sh AUTHORS
This man page was written by
.An Doug Rabson .