:man| Alphabetical   Categories   About us 
 
VOP_ACCESS (9) | Kernel routines | Unix Manual Pages | :man

NAME

VOP_ACCESS - "check access permissions of a file or Unix domain socket"

CONTENTS

Synopsis
Description
Locks
Return Values
Pseudocode
Errors
See Also
Authors

SYNOPSIS


.In sys/param.h
.In sys/vnode.h int VOP_ACCESS "struct vnode *vp" "int mode" "struct ucred *cred" "struct thread *td"

DESCRIPTION

This entry point checks the access permissions of the file against the given credentials.

Its arguments are:

vp The vnode of the file to check.
mode The type of access required.
cred The user credentials to check.
td The thread which is checking.

The mode is a mask which can contain VREAD, VWRITE or VEXEC.

LOCKS

The vnode will be locked on entry and should remain locked on return.

RETURN VALUES

If the file is accessible in the specified way, then zero is returned, otherwise an appropriate error code is returned.

PSEUDOCODE


int
vop_access(struct vnode *vp, int mode, struct ucred *cred, struct thread *td)
{
int error;


/*
* Disallow write attempts on read-only file systems;
* unless the file is a socket, fifo, or a block or
* character device resident on the filesystem.
*/
if (mode & VWRITE) {
switch (vp->v_type) {
case VDIR:
case VLNK:
case VREG:
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return EROFS;


break;
}
}


/* If immutable bit set, nobody gets to write it. */
if ((mode & VWRITE) && vp has immutable bit set)
return EPERM;


/* Otherwise, user id 0 always gets access. */
if (cred->cr_uid == 0)
return 0;


mask = 0;


/* Otherwise, check the owner. */
if (cred->cr_uid == owner of vp) {
if (mode & VEXEC)
mask |= S_IXUSR;
if (mode & VREAD)
mask |= S_IRUSR;
if (mode & VWRITE)
mask |= S_IWUSR;
return (((mode of vp) & mask) == mask ? 0 : EACCES);
}


/* Otherwise, check the groups. */
for (i = 0, gp = cred->cr_groups; i < cred->cr_ngroups; i++, gp++)
if (group of vp == *gp) {
if (mode & VEXEC)
mask |= S_IXGRP;
if (mode & VREAD)
mask |= S_IRGRP;
if (mode & VWRITE)
mask |= S_IWGRP;
return (((mode of vp) & mask) == mask ? 0 : EACCES);
}


/* Otherwise, check everyone else. */
if (mode & VEXEC)
mask |= S_IXOTH;
if (mode & VREAD)
mask |= S_IROTH;
if (mode & VWRITE)
mask |= S_IWOTH;
return (((mode of vp) & mask) == mask ? 0 : EACCES);
}

ERRORS

[EPERM]
An attempt was made to change an immutable file.
[EACCES]
The permission bits the file mode or the ACL do not permit the requested access.

SEE ALSO

vaccess(9), vaccess_acl_posix1e(9), vnode(9)

AUTHORS


Share this page

     Follow us

Facebook Twitter Google+ LinkedIn


 
Created by Blin Media, 2008-2013