getaccess.1 (2010 09)
g
getaccess(1) getaccess(1)
NAME
getaccess - list access rights to file(s)
SYNOPSIS
getaccess [-u user ][-g user ] group [, group ] ... ] [
-n] file ...
getaccess -r [-n] file ...
DESCRIPTION
getaccess lists for the specified files the effective access rights of the caller (that is, for their effective
user ID, effective group ID,
and supplementary groups list). By default, the command prints a symbolic
representation of the user’s access rights to the named file:
r or - for read/no read,
w or - for write/no
write, and
x or - for execute/no execute (for directories, search/no search), followed by the file name.
Options
getaccess recognizes the following options and command-line arguments:
-u user List access for the given user instead of the caller. A user can be a known user
name, a valid
ID number, or @, representing the file’s owner
ID. If information
about more than one file is requested, the value of @ can differ for each.
This option sets the user
ID only. The access check is made with the caller’s
effective group ID and supplementary group
IDs unless -g is also specified.
-g group [, group ] ... ]
List access for the given group(s) instead of the caller’s effective group
ID and sup-
plementary groups list. A group can be a known group name, a valid
ID number, or
@, representing the file’s group ID. If information about more than one file is
requested, the value of @ can differ for each.
-r List access using the caller’s real user ID,
group ID, and supplementary groups list,
instead of effective
ID values.
-n List access rights numerically (octal digits 0..7 instead of rwx) for each file
requested. The bit values R_OK, W_OK, and X_OK are defined in the file
<unistd.h>.
Checking access using access control lists is described in acl(5) and aclv (5).
In addition, the write bit is cleared for files on read-only file systems or shared-text programs being exe-
cuted. The execute bit is not turned off for shared-text programs open for writing because it is not possi-
ble to ascertain whether a file open for writing is a shared-text program.
Processes with appropriate privileges have read and write access to all files. However, write access is
denied for files on read-only file systems or shared-text programs being executed. Execute access is
allowed if and only if the file is not a regular file or the execute bit is set in any of the file’s
ACL entries.
To use
getaccess successfully, the caller must have search access in every directory component of the
path name of the file. getaccess verifies search access first by using the caller’s effective IDs, regard-
less of the user and group IDs specified. This is distinct from the case in which the caller can search the
path but the user for whom access is being checked does not have access to the file.
Note: a file name argument of
- has no special meaning (such as standard input) to getaccess.
EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If
LANG is not specified or is set to the empty string, a default of "C" (see lang (5)) is used instead of
LANG. If any internationalization variable contains an invalid setting, getaccess behaves as if all
internationalization variables are set to "C". See environ (5).
RETURN VALUE
getaccess returns one of the following values:
0 Successful completion.
1
getaccess was invoked incorrectly or encountered an unknown user or group name. An
appropriate message is printed to standard error.
HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1