getaccess.2 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

getaccess(2) getaccess(2)

NAME

getaccess() - get a user’s effective access rights to a ﬁle

SYNOPSIS

#include <sys/getaccess.h>

int getaccess(

const char *path,

uid_t uid,

int ngroups,

const gid_t *gidset,

void *label,

void *privs

);

DESCRIPTION

getaccess() identiﬁes the access rights (read, write, execute/search) a speciﬁc user ID has to an exist-

ing ﬁle. path points to a path name of a ﬁle. If the call succeeds, it returns a value of zero or greater,

representing the speciﬁed user’s effective access rights (modes) to the ﬁle. The rights are expressed as the

logical OR of bits (R_OK, W_OK

, and X_OK) whose values are deﬁned in the header <unistd.h>.A

return of zero means that access is denied.

The uid parameter is a user ID. Special values, deﬁned in

, represent the calling

process’s effective, real, or saved user ID:

UID_EUID Effective user ID.

UID_RUID Real user ID.

UID_SUID Saved user ID.

ngroups is the number of group IDs in gidset , not to exceed

sysconf(_SC_NGROUPS_MAX)

+1. Ifthe

ngroups parameter is positive, the gidset parameter is an array of group ID values to use in the check. If

ngroups is a recognized negative value, gidset is ignored. Special negative values of ngroups , deﬁned in

, represent various combinations of the process’s effective, real, or saved user ID

and its supplementary groups list:

NGROUPS_EGID Use process’s effective group ID only.

NGROUPS_RGID Use process’s real group ID only.

NGROUPS_SGID Use process’s saved group ID only.

NGROUPS_SUPP Use process’s supplementary groups only.

NGROUPS_EGID_SUPP

Use process’s effective group ID plus supplementary groups.

NGROUPS_RGID_SUPP

Use process’s real group ID plus supplementary groups.

NGROUPS_SGID_SUPP

Use process’s saved group ID plus supplementary groups.

The label and privs parameters are placeholders for future extensions. For now, the values of these

parameters must be

(void *) 0.

The access check rules for access control lists are described in acl (5) and aclv (5). In addition, the

W_OK

bit is cleared for ﬁles on read-only ﬁle systems or shared-text programs being executed. Note that as in

access (2), the X_OK bit is not turned off for shared-text programs open for writing because there is no

easy way to know that a ﬁle open for writing is a shared-text program.

getaccess() checks each directory component of path by ﬁrst using the caller’s effective user ID,

effective group ID, and supplementary groups list, regardless of the user ID speciﬁed. An error occurs,

distinct from "no access allowed," if the caller cannot search the path to the ﬁle. (In this case it is inap-

propriate for the caller to learn anything about the ﬁle.)

Comparison of access and getaccess

The following table compares various attributes of

access() and getaccess().

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (4 pages)

PAGE 1
getaccess(2) getaccess(2) NAME getaccess() - get a user’s effective access rights to a file SYNOPSIS #include int getaccess( const char *path, uid_t uid, int ngroups, const gid_t *gidset, void *label, void *privs ); DESCRIPTION getaccess() identifies the access rights (read, write, execute/search) a specific user ID has to an existing file. path points to a path name of a file.
PAGE 2
getaccess(2) A gA getaccess(2) access() Checks all ACL entries (HFS and JFS File Systems only) Same Uses real uid, real gid, and supplementary groups list Uses specified uid and groups list; macros available for typical values Checks specific succeed or fail Returns all mode bits, each on or off mode value, returns getaccess() Checks path to file using caller’s effective IDs Same W_OK false if shared-text file currently being executed Same W_OK false if file on read-only file system Same
PAGE 3
getaccess(2) getaccess(2) [ENOENT] The named file does not exist (for example, path is null or a component of path does not exist). [ENOTDIR] A component of the path prefix is not a directory. [EOPNOTSUPP] getaccess() is not supported on some types of remote files. EXAMPLES The following call determines the caller’s effective access rights to file test and succeeds if the user has read access: #include #include
PAGE 4
(Notes) A (Notes) gA 4 Hewlett-Packard Company −1− HP-UX 11i Version 3: September 2010