Ad

Does The Posix "access" Syscall Take ACLs Into Consideration?

- 1 answer

According to the man page, the POSIX syscall

int access(const char *pathname, int mode);

does the following

access() checks whether the calling process can access the file pathname. If pathname is a symbolic link, it is dereferenced.

Does it also check ACLs, or just the rights of owner/group/others ?
(assuming the OS&FS supports ACLs, and that there are ACLs on the file)

Specifically, does it check ACLs on Linux (when ACLs are enabled in the kernel and FS) ?

Ad

Answer

Yes, access should consider ACL and any other mechanisms that may be in place. Otherwise, it'd make access pointless. For example, if access says OK for reading a file but then an attempt to read the fails because of ACL or something else, that'd make it useless.

POSIX's access doesn't mention ACLs directly. But there are notes to suggest that additional mechanisms that may be present should be considered.

From POSIX's access:

[..] Likewise, if a system provides any additional or alternate file access control mechanisms that are not user ID-based, they will still be taken into account.

and

Additional values of amode other than the set defined in the description may be valid; for example, if a system has extended access controls.

Ad
source: stackoverflow.com
Ad