mirror of https://github.com/mkerrisk/man-pages
access.2: Document faccessat2()
faccessat2() was added in Linux 5.8 and enables a fix to longstanding bugs in the faccessat() wrapper function. Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
06ad6cdfac
commit
8729436021
|
@ -42,7 +42,7 @@
|
||||||
.\"
|
.\"
|
||||||
.TH ACCESS 2 2016-03-15 "Linux" "Linux Programmer's Manual"
|
.TH ACCESS 2 2016-03-15 "Linux" "Linux Programmer's Manual"
|
||||||
.SH NAME
|
.SH NAME
|
||||||
access, faccessat \- check user's permissions for a file
|
access, faccessat, faccessat2 \- check user's permissions for a file
|
||||||
.SH SYNOPSIS
|
.SH SYNOPSIS
|
||||||
.nf
|
.nf
|
||||||
.B #include <unistd.h>
|
.B #include <unistd.h>
|
||||||
|
@ -53,6 +53,10 @@ access, faccessat \- check user's permissions for a file
|
||||||
.B #include <unistd.h>
|
.B #include <unistd.h>
|
||||||
.PP
|
.PP
|
||||||
.BI "int faccessat(int " dirfd ", const char *" pathname ", int " \
|
.BI "int faccessat(int " dirfd ", const char *" pathname ", int " \
|
||||||
|
mode ", int " flags );
|
||||||
|
/* But see C library/kernel differences, below */
|
||||||
|
|
||||||
|
.BI "int faccessat2(int " dirfd ", const char *" pathname ", int " \
|
||||||
mode ", int " flags );
|
mode ", int " flags );
|
||||||
.fi
|
.fi
|
||||||
.PP
|
.PP
|
||||||
|
@ -126,9 +130,8 @@ then an
|
||||||
check is successful for a regular file if execute permission
|
check is successful for a regular file if execute permission
|
||||||
is enabled for any of the file owner, group, or other.
|
is enabled for any of the file owner, group, or other.
|
||||||
.SS faccessat()
|
.SS faccessat()
|
||||||
The
|
|
||||||
.BR faccessat ()
|
.BR faccessat ()
|
||||||
system call operates in exactly the same way as
|
operates in exactly the same way as
|
||||||
.BR access (),
|
.BR access (),
|
||||||
except for the differences described here.
|
except for the differences described here.
|
||||||
.PP
|
.PP
|
||||||
|
@ -180,6 +183,25 @@ See
|
||||||
.BR openat (2)
|
.BR openat (2)
|
||||||
for an explanation of the need for
|
for an explanation of the need for
|
||||||
.BR faccessat ().
|
.BR faccessat ().
|
||||||
|
.\"
|
||||||
|
.SS faccessat2()
|
||||||
|
The description of
|
||||||
|
.BR faccessat ()
|
||||||
|
given above corresponds to POSIX.1 and
|
||||||
|
to the implementation provided by glibc.
|
||||||
|
However, the glibc implementation was an imperfect emulation (see BUGS)
|
||||||
|
that papered over the fact that the raw Linux
|
||||||
|
.BR faccessat ()
|
||||||
|
system call does not have a
|
||||||
|
.I flags
|
||||||
|
argument.
|
||||||
|
To allow for a proper implementation, Linux 5.8 added the
|
||||||
|
.BR faccessat2 ()
|
||||||
|
system call, which supports the
|
||||||
|
.I flags
|
||||||
|
argument and allows a correct implementation of the
|
||||||
|
.BR faccessat ()
|
||||||
|
wrapper function.
|
||||||
.SH RETURN VALUE
|
.SH RETURN VALUE
|
||||||
On success (all requested permissions granted, or
|
On success (all requested permissions granted, or
|
||||||
.I mode
|
.I mode
|
||||||
|
@ -273,12 +295,18 @@ is a file descriptor referring to a file other than a directory.
|
||||||
.BR faccessat ()
|
.BR faccessat ()
|
||||||
was added to Linux in kernel 2.6.16;
|
was added to Linux in kernel 2.6.16;
|
||||||
library support was added to glibc in version 2.4.
|
library support was added to glibc in version 2.4.
|
||||||
|
.PP
|
||||||
|
.BR faccessat2 ()
|
||||||
|
was added to Linux in version 5.8.
|
||||||
.SH CONFORMING TO
|
.SH CONFORMING TO
|
||||||
.BR access ():
|
.BR access ():
|
||||||
SVr4, 4.3BSD, POSIX.1-2001, POSIX.1-2008.
|
SVr4, 4.3BSD, POSIX.1-2001, POSIX.1-2008.
|
||||||
.PP
|
.PP
|
||||||
.BR faccessat ():
|
.BR faccessat ():
|
||||||
POSIX.1-2008.
|
POSIX.1-2008.
|
||||||
|
.PP
|
||||||
|
.BR faccessat2 ():
|
||||||
|
Linux-specific.
|
||||||
.SH NOTES
|
.SH NOTES
|
||||||
.BR Warning :
|
.BR Warning :
|
||||||
Using these calls to check if a user is authorized to, for example,
|
Using these calls to check if a user is authorized to, for example,
|
||||||
|
@ -375,12 +403,17 @@ system call does not support a
|
||||||
.I flags
|
.I flags
|
||||||
argument, the glibc
|
argument, the glibc
|
||||||
.BR faccessat ()
|
.BR faccessat ()
|
||||||
wrapper function emulates the required functionality using
|
wrapper function provided in glibc 2.32 and earlier
|
||||||
|
emulates the required functionality using
|
||||||
a combination of the
|
a combination of the
|
||||||
.BR faccessat ()
|
.BR faccessat ()
|
||||||
system call and
|
system call and
|
||||||
.BR fstatat (2).
|
.BR fstatat (2).
|
||||||
However, this emulation does not take ACLs into account.
|
However, this emulation does not take ACLs into account.
|
||||||
|
Starting with glibc 2.33, the wrapper function avoids this bug
|
||||||
|
by making use of the
|
||||||
|
.BR faccessat2 ()
|
||||||
|
system call where it is provided by the underlying kernel.
|
||||||
.PP
|
.PP
|
||||||
In kernel 2.4 (and earlier) there is some strangeness in the handling of
|
In kernel 2.4 (and earlier) there is some strangeness in the handling of
|
||||||
.B X_OK
|
.B X_OK
|
||||||
|
|
Loading…
Reference in New Issue