HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. |  |
NAME |LIBRARY |SYNOPSIS |DESCRIPTION |RETURN VALUE |ERRORS |VERSIONS |STANDARDS |HISTORY |NOTES |BUGS |SEE ALSO |COLOPHON | |
access(2) System Calls Manualaccess(2)access, faccessat, faccessat2 - check user's permissions for a file
Standard C library (libc,-lc)
#include <unistd.h>int access(const char *path, intmode);#include <fcntl.h>/* Definition ofAT_*constants */#include <unistd.h>int faccessat(intdirfd, const char *path, intmode, intflags); /* But see C library/kernel differences, below */#include <fcntl.h>/* Definition ofAT_*constants */#include <sys/syscall.h>/* Definition ofSYS_*constants */#include <unistd.h>int syscall(SYS_faccessat2,intdirfd, const char *path, intmode, intflags); Feature Test Macro Requirements for glibc (seefeature_test_macros(7)):faccessat(): Since glibc 2.10: _POSIX_C_SOURCE >= 200809L Before glibc 2.10: _ATFILE_SOURCE
access() checks whether the calling process can access the filepath. Ifpath is a symbolic link, it is dereferenced. Themode specifies the accessibility check(s) to be performed, and is either the valueF_OK, or a mask consisting of the bitwise OR of one or more ofR_OK,W_OK, andX_OK.F_OKtests for the existence of the file.R_OK,W_OK, andX_OKtest whether the file exists and grants read, write, and execute permissions, respectively. The check is done using the calling process'sreal UID and GID, rather than the effective IDs as is done when actually attempting an operation (e.g.,open(2)) on the file. Similarly, for the root user, the check uses the set of permitted capabilities rather than the set of effective capabilities; and for non-root users, the check uses an empty set of capabilities. This allows set-user-ID programs and capability-endowed programs to easily determine the invoking user's authority. In other words,access() does not answer the "can I read/write/execute this file?" question. It answers a slightly different question: "(assuming I'm a setuid binary) canthe user who invoked me read/write/execute this file?", which gives set-user-ID programs the possibility to prevent malicious users from causing them to read files which users shouldn't be able to read. If the calling process is privileged (i.e., its real UID is zero), then anX_OKcheck is successful for a regular file if execute permission is enabled for any of the file owner, group, or other.faccessat()faccessat() operates in exactly the same way asaccess(), except for the differences described here. Ifpath is relative, then it is interpreted relative to the directory referred to by the file descriptordirfd (rather than relative to the current working directory of the calling process, as is done byaccess() for a relative pathname). Ifpath is relative anddirfd is the special valueAT_FDCWD, thenpath is interpreted relative to the current working directory of the calling process (likeaccess()). Ifpath is absolute, thendirfd is ignored.flags is constructed by ORing together zero or more of the following values:AT_EACCESS Perform access checks using the effective user and group IDs. By default,faccessat() uses the real IDs (likeaccess()).AT_EMPTY_PATH(since Linux 5.8) Ifpath is an empty string, operate on the file referred to bydirfd (which may have been obtained using theopen(2)O_PATHflag). In this case,dirfd can refer to any type of file, not just a directory. Ifdirfd isAT_FDCWD, the call operates on the current working directory. This flag is Linux-specific; define_GNU_SOURCEto obtain its definition.AT_SYMLINK_NOFOLLOW Ifpath is a symbolic link, do not dereference it: instead return information about the link itself. Seeopenat(2) for an explanation of the need forfaccessat().faccessat2() The description offaccessat() given above corresponds to POSIX.1 and to the implementation provided by glibc. However, the glibc implementation was an imperfect emulation (see BUGS) that papered over the fact that the raw Linuxfaccessat() system call does not have aflags argument. To allow for a proper implementation, Linux 5.8 added thefaccessat2() system call, which supports theflags argument and allows a correct implementation of thefaccessat() wrapper function.
On success (all requested permissions granted, ormode isF_OKand the file exists), zero is returned. On error (at least one bit inmode asked for a permission that is denied, ormode isF_OKand the file does not exist, or some other error occurred), -1 is returned, anderrno is set to indicate the error.
EACCESThe requested access would be denied to the file, or search permission is denied for one of the directories in the path prefix ofpath. (See alsopath_resolution(7).)EBADF(faccessat())path is relative butdirfd is neitherAT_FDCWD(faccessat()) nor a valid file descriptor.EFAULTpath points outside your accessible address space.EINVALmode was incorrectly specified.EINVAL(faccessat()) Invalid flag specified inflags.EIOAn I/O error occurred.ELOOPToo many symbolic links were encountered in resolvingpath.ENAMETOOLONGpath is too long.ENOENTA component ofpath does not exist or is a dangling symbolic link.ENOMEMInsufficient kernel memory was available.ENOTDIR A component used as a directory inpath is not, in fact, a directory.ENOTDIR (faccessat())path is relative anddirfd is a file descriptor referring to a file other than a directory.EPERMWrite permission was requested to a file that has the immutable flag set. See alsoFS_IOC_SETFLAGS(2const).EROFSWrite permission was requested for a file on a read-only filesystem.ETXTBSY Write access was requested to an executable which is being executed.
If the calling process has appropriate privileges (i.e., is superuser), POSIX.1-2001 permits an implementation to indicate success for anX_OKcheck even if none of the execute file permission bits are set. Linux does not do this.C library/kernel differences The rawfaccessat() system call takes only the first three arguments. TheAT_EACCESSandAT_SYMLINK_NOFOLLOWflags are actually implemented within the glibc wrapper function forfaccessat(). If either of these flags is specified, then the wrapper function employsfstatat(2) to determine access permissions, but see BUGS.glibc notes On older kernels wherefaccessat() is unavailable (and when theAT_EACCESSandAT_SYMLINK_NOFOLLOWflags are not specified), the glibc wrapper function falls back to the use ofaccess(). Whenpath is relative, glibc constructs a pathname based on the symbolic link in/proc/self/fd that corresponds to thedirfd argument.
access()faccessat() POSIX.1-2008.faccessat2() Linux.
access() SVr4, 4.3BSD, POSIX.1-2001.faccessat() Linux 2.6.16, glibc 2.4.faccessat2() Linux 5.8.
Warning: Using these calls to check if a user is authorized to, for example, open a file before actually doing so usingopen(2) creates a security hole, because the user might exploit the short time interval between checking and opening the file to manipulate it.For this reason, the use of this system call should beavoided. (In the example just described, a safer alternative would be to temporarily switch the process's effective user ID to the real ID and then callopen(2).)access() always dereferences symbolic links. If you need to check the permissions on a symbolic link, usefaccessat() with the flagAT_SYMLINK_NOFOLLOW. These calls return an error if any of the access types inmode is denied, even if some of the other access types inmode are permitted. A file is accessible only if the permissions on each of the directories in the path prefix ofpath grant search (i.e., execute) access. If any directory is inaccessible, then theaccess() call fails, regardless of the permissions on the file itself. Only access bits are checked, not the file type or contents. Therefore, if a directory is found to be writable, it probably means that files can be created in the directory, and not that the directory can be written as a file. Similarly, a DOS file may be reported as executable, but theexecve(2) call will still fail. These calls may not work correctly on NFSv2 filesystems with UID mapping enabled, because UID mapping is done on the server and hidden from the client, which checks permissions. (NFS versions 3 and higher perform the check on the server.) Similar problems can occur to FUSE mounts.
Because the Linux kernel'sfaccessat() system call does not support aflags argument, the glibcfaccessat() wrapper function provided in glibc 2.32 and earlier emulates the required functionality using a combination of thefaccessat() system call andfstatat(2). However, this emulation does not take ACLs into account. Starting with glibc 2.33, the wrapper function avoids this bug by making use of thefaccessat2() system call where it is provided by the underlying kernel. In Linux 2.4 (and earlier) there is some strangeness in the handling ofX_OKtests for superuser. If all categories of execute permission are disabled for a nondirectory file, then the onlyaccess() test that returns -1 is whenmode is specified as justX_OK; ifR_OKorW_OKis also specified inmode, thenaccess() returns 0 for such files. Early Linux 2.6 (up to and including Linux 2.6.3) also behaved in the same way as Linux 2.4. Before Linux 2.6.20, these calls ignored the effect of theMS_NOEXECflag if it was used tomount(2) the underlying filesystem. Since Linux 2.6.20, theMS_NOEXECflag is honored.
chmod(2),chown(2),open(2),setgid(2),setuid(2),stat(2),euidaccess(3),credentials(7),path_resolution(7),symlink(7)
This page is part of theman-pages (Linux kernel and C library user-space interface documentation) project. Information about the project can be found at ⟨https://www.kernel.org/doc/man-pages/⟩. If you have a bug report for this manual page, see ⟨https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/CONTRIBUTING⟩. This page was obtained from the tarball man-pages-6.15.tar.gz fetched from ⟨https://mirrors.edge.kernel.org/pub/linux/docs/man-pages/⟩ on 2025-08-11. If you discover any rendering problems in this HTML version of the page, or you believe there is a better or more up- to-date source for the page, or you have corrections or improvements to the information in this COLOPHON (which isnot part of the original manual page), send a mail to man-pages@man7.orgLinux man-pages 6.15 2025-05-17access(2)Pages that refer to this page:find(1), pmseries(1), strace(1), test(1), open(2), stat(2), statx(2), syscalls(2), euidaccess(3), cpuset(7), credentials(7), landlock(7), signal-safety(7), spufs(7), symlink(7), lsof(8)
HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. | |