vop_access(9)

NAME

VOP_ACCESS - check access permissions of a file or Unix do
main socket

SYNOPSIS

#include <sys/param.h>
#include <sys/vnode.h>
int
VOP_ACCESS(struct vnode *vp, int mode, struct ucred *cred,
        struct thread *td);

DESCRIPTION

This entry point checks the access permissions of the file
against the given credentials.
Its arguments are:
vp The vnode of the file to check.
mode The type of access required.
cred The user credentials to check.
td The thread which is checking.
The mode is a mask which can contain VREAD, VWRITE or VEXEC.

LOCKS

The vnode will be locked on entry and should remain locked
on return.

RETURN VALUES

If the file is accessible in the specified way, then zero is
returned, otherwise an appropriate error code is returned.

PSEUDOCODE

int
vop_access(struct vnode *vp, int mode, struct ucred *cred,
struct thread *td) {: int error;; /*
* Disallow write attempts on read-only file systems;
* unless the file is a socket, fifo, or a block or
* character device resident on the filesystem.
*/; if (mode & VWRITE) {
switch (vp->v_type) {
case VDIR:
case VLNK:
case VREG:
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return EROFS;

break;

}; }; /* If immutable bit set, nobody gets to write it. */
if ((mode & VWRITE) && vp has immutable bit set)
return EPERM;; /* Otherwise, user id 0 always gets access. */
if (cred->cr_uid == 0)
return 0;; mask = 0;; /* Otherwise, check the owner. */
if (cred->cr_uid == owner of vp) {
if (mode & VEXEC)
mask |= S_IXUSR;

if (mode & VREAD)

mask |= S_IRUSR;

if (mode & VWRITE)

mask |= S_IWUSR;

return (((mode of vp) & mask) == mask ? 0 : EACCES);; }; /* Otherwise, check the groups. */
for (i = 0, gp = cred->cr_groups; i < cred->cr_ngroups;; i++, gp++)
if (group of vp == *gp) {
if (mode & VEXEC)
mask |= S_IXGRP;

if (mode & VREAD)

mask |= S_IRGRP;

if (mode & VWRITE)

mask |= S_IWGRP;

return (((mode of vp) & mask) == mask ? 0 : EAC

CES);

}; /* Otherwise, check everyone else. */
if (mode & VEXEC)
mask |= S_IXOTH;; if (mode & VREAD)
mask |= S_IROTH;; if (mode & VWRITE)
mask |= S_IWOTH;; return (((mode of vp) & mask) == mask ? 0 : EACCES);
}

ERRORS

[EPERM] An attempt was made to change an im
mutable file.
[EACCES] The permission bits the file mode or the
ACL do not: permit the requested access.

SEE ALSO

vaccess(9), vaccess_acl_posix1e(9), vnode(9)

AUTHORS

This manual page was written by Doug Rabson.
BSD July 24, 1996

Copyright © 2010-2024 Platon Technologies, s.r.o. Home | Man pages | tLDP | Documents | Utilities | About

Design by styleshout