access函数

access()：判断是否具有存取文件的权限

相关函数
    stat，open，chmod，chown，setuid，setgid
表头文件
    #include<unistd.h>
定义函数
    int access(const char * pathname, int mode);
函数说明
    access()会检查是否可以读/写某一已存在的文件。参数mode有几种情况组合， R_OK，W_OK，X_OK 和F_OK。R_OK，W_OK与X_OK用来检查文件是否具有读取、写入和执行的权限。F_OK则是用来判断该文件是否存在。由于access()只作权限的核查，并不理会文件形态或文件内容，因此，如果一目录表示为“可写入”，表示可以在该目录中建立新文件等操作，而非意味此目录可以被当做文件处理。例如，你会发现DOS的文件都具有“可执行”权限，但用execve()执行时则会失败。
返回值
    若所有欲查核的权限都通过了检查则返回0值，表示成功，只要有一权限被禁止则返回-1。
错误代码
    EACCESS 参数pathname 所指定的文件不符合所要求测试的权限。
    EROFS 欲测试写入权限的文件存在于只读文件系统内。
    EFAULT 参数pathname指针超出可存取内存空间。
    EINVAL 参数mode 不正确。
    ENAMETOOLONG 参数pathname太长。
    ENOTDIR 参数pathname为一目录。
    ENOMEM 核心内存不足    
    ELOOP 参数pathname有过多符号连接问题。
    EIO I/O 存取错误。
附加说明
    使用access()作用户认证方面的判断要特别小心，例如在access()后再做open()的空文件可能会造成系统安全上的问题。

范例

#include<unistd.h>
int main()
{
    if (access(“/etc/passwd”,R_OK) = =0)
        printf(“/etc/passwd can be read\n”);
}
执行
/etc/passwd can be read 

 

man access

ACCESS(2)                  Linux Programmer’s Manual                 ACCESS(2)

NAME
       access - check user’s permissions for a file

SYNOPSIS
       #include <unistd.h>

       int access(const char *pathname, int mode);

DESCRIPTION
       access() checks whether the process would be allowed to read, write or test for existence of the file (or other
       file system object) whose name is pathname.  If pathname is a symbolic link permissions of the file referred to
       by this symbolic link are tested.

       mode is a mask consisting of one or more of R_OK, W_OK, X_OK and F_OK.

       R_OK,  W_OK  and  X_OK  request  checking  whether the file exists and has read, write and execute permissions,
       respectively.  F_OK just requests checking for the existence of the file.

       The tests depend on the permissions of the directories occurring in the path to the file, as given in pathname,
       and on the permissions of directories and files referred to by symbolic links encountered on the way.

       The check is done with the process’s real UID and GID, rather than with the effective IDs as is done when actu-
       ally attempting an operation.  This is to allow set-user-ID programs to easily determine  the  invoking  user’s
       authority.

       Only  access  bits  are  checked,  not  the  file  type  or contents.  Therefore, if a directory is found to be
       "writable," it probably means that files can be created in the directory, and not that  the  directory  can  be
       written  as  a  file.  Similarly, a DOS file may be found to be "executable," but the execve(2) call will still
       fail.

       If the process has appropriate privileges, an implementation may indicate success for X_OK even if none of  the
       execute file permission bits are set.

RETURN VALUE
       On success (all requested permissions granted), zero is returned.  On error (at least one bit in mode asked for
       a permission that is denied, or some other error occurred), -1 is returned, and errno is set appropriately.

ERRORS
       access() shall fail if:

       EACCES The requested access would be denied to the file or search permission is denied for one of the  directo-
              ries in the path prefix of pathname.  (See also path_resolution(2).)

       ELOOP  Too many symbolic links were encountered in resolving pathname.

       ENAMETOOLONG
              pathname is too long.

       ENOENT A  directory  component in pathname would have been accessible but does not exist or was a dangling sym-
              bolic link.

       ENOTDIR
              A component used as a directory in pathname is not, in fact, a directory.

       EROFS  Write permission was requested for a file on a read-only filesystem.

       access() may fail if:

       EFAULT pathname points outside your accessible address space.

       EINVAL mode was incorrectly specified.

       EIO    An I/O error occurred.

       ENOMEM Insufficient kernel memory was available.

       ETXTBSY
              Write access was requested to an executable which is being executed.

RESTRICTIONS
       access() returns an error if any of the access types in the requested call fails, even if other types might  be
       successful.

       access()  may  not  work correctly on NFS file systems with UID mapping enabled, because UID mapping is done on
       the server and hidden from the client, which checks permissions.

       Using access() to check if a user is authorized to e.g. open a file before actually doing so using open(2) cre-
       ates  a  security hole, because the user might exploit the short time interval between checking and opening the
       file to manipulate it.

CONFORMING TO
       SVr4, POSIX.1-2001, 4.3BSD

SEE ALSO
       chmod(2), chown(2), faccessat(2), open(2), path_resolution(2), setgid(2), setuid(2), stat(2)

Linux                             2004-06-23                         ACCESS(2)