#include <unistd.h> int access(const char *path, int amode); #include <fcntl.h> int faccessat(int fd, const char *path, int amode, int flag);
The value of amode is either the bitwise-inclusive OR of the access permissions to be checked (R_OK, W_OK, X_OK) or the existence test (F_OK).
If any access permissions are checked, each shall be checked individually, as described in the Base Definitions volume of POSIX.1-2017, Section 4.5, File Access Permissions, except that where that description refers to execute permission for a process with appropriate privileges, an implementation may indicate success for X_OK even if execute permission is not granted to any user.
The faccessat() function, when called with a flag value of zero, shall be equivalent to the access() function, except in the case where path specifies a relative path. In this case the file whose accessibility is to be determined shall be located relative to the directory associated with the file descriptor fd instead of the current working directory. If the access mode of the open file description associated with the file descriptor is not O_SEARCH, the function shall check whether directory searches are permitted using the current permissions of the directory underlying the file descriptor. If the access mode is O_SEARCH, the function shall not perform the check.
If faccessat() is passed the special value AT_FDCWD in the fd parameter, the current working directory shall be used and, if flag is zero, the behavior shall be identical to a call to access().
Values for flag are constructed by a bitwise-inclusive OR of flags from the following list, defined in <fcntl.h>:
The faccessat() function shall fail if:
These functions may fail if:
The faccessat() function may fail if:
The following example tests whether a file named myfile exists in the /tmp directory.
#include <unistd.h> ... int result; const char *pathname = "/tmp/myfile"; result = access (pathname, F_OK);
Historically, one of the uses of access() was in set-user-ID root programs to check whether the user running the program had access to a file. This relied on ``super-user'' privileges which were granted based on the effective user ID being zero, so that when access() used the real user ID to check accessibility those privileges were not taken into account. On newer systems where privileges can be assigned which have no association with user or group IDs, if a program with such privileges calls access(), the change of IDs has no effect on the privileges and therefore they are taken into account in the accessibility checks. Thus, access() (and faccessat() with flag zero) cannot be used for this historical purpose in such programs. Likewise, if a system provides any additional or alternate file access control mechanisms that are not user ID-based, they will still be taken into account.
If a relative pathname is used, no account is taken of whether the current directory (or the directory associated with the file descriptor fd) is accessible via any absolute pathname. Applications using access(), or faccessat() without AT_EACCES, may consequently act as if the file would be accessible to a user with the real user ID and group ID of the process when such a user would not in practice be able to access the file because access would be denied at some point above the current directory (or the directory associated with the file descriptor fd) in the file hierarchy.
If access() or faccessat() is used with W_OK to check for write access to a directory which has the S_ISVTX bit set, a return value indicating the directory is writable can be misleading since some operations on files in the directory would not be permitted based on the ownership of those files (see the Base Definitions volume of POSIX.1-2017, Section 4.3, Directory Protection).
Additional values of amode other than the set defined in the description may be valid; for example, if a system has extended access controls.
However, the historical model of eaccess() does not resolve problem (1), so this volume of POSIX.1-2017 now allows access() to behave in the desired way because several implementations have corrected the problem. It was also argued that problem (2) is more easily solved by using open(), chdir(), or one of the exec functions as appropriate and responding to the error, rather than creating a new function that would not be as reliable. Therefore, eaccess() is not included in this volume of POSIX.1-2017.
The sentence concerning appropriate privileges and execute permission bits reflects the two possibilities implemented by historical implementations when checking superuser access for X_OK.
New implementations are discouraged from returning X_OK unless at least one execution permission bit is set.
The purpose of the faccessat() function is to enable the checking of the accessibility of files in directories other than the current working directory without exposure to race conditions. Any part of the path of a file could be changed in parallel to a call to access(), resulting in unspecified behavior. By opening a file descriptor for the target directory and using the faccessat() function it can be guaranteed that the file tested for accessibility is located relative to the desired directory.
Any typographical or formatting errors that appear in this page are most likely to have been introduced during the conversion of the source files to man page format. To report such errors, see https://www.kernel.org/doc/man-pages/reporting_bugs.html .