NAME [Toc] [Back]
getaccess - list access rights to file(s)
SYNOPSIS [Toc] [Back]
getaccess [-u user] [-g user] group[,group]...] [-n] file ...
getaccess -r [-n] file ...
DESCRIPTION [Toc] [Back]
getaccess lists for the specified files the effective access rights of
the caller (that is, for their effective user ID, effective group ID,
and supplementary groups list). By default, the command prints a
symbolic representation of the user's access rights to the named file:
r or - for read/no read, w or - for write/no write, and x or - for
execute/no execute (for directories, search/no search), followed by
the file name.
Options [Toc] [Back]
getaccess recognizes the following options and command-line arguments:
-u user List access for the given user instead of the
caller. A user can be a known user name, a valid
ID number, or @, representing the file's owner ID.
If information about more than one file is
requested, the value of @ can differ for each.
This option sets the user ID only. The access
check is made with the caller's effective group ID
and supplementary group IDs unless -g is also
List access for the given group(s) instead of the
caller's effective group ID and supplementary
groups list. A group can be a known group name, a
valid ID number, or @, representing the file's
group ID. If information about more than one file
is requested, the value of @ can differ for each.
-r List access using the caller's real user ID, group
ID, and supplementary groups list, instead of
effective ID values.
-n List access rights numerically (octal digits 0..7
instead of rwx) for each file requested. The bit
values R_OK, W_OK, and X_OK are defined in the
Checking access using access control lists is described in acl(5) and
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: August 2003
In addition, the write bit is cleared for files on read-only file
systems or shared-text programs being executed. The execute bit is
not turned off for shared-text programs open for writing because it is
not possible to ascertain whether a file open for writing is a
Processes with appropriate privileges have read and write access to
all files. However, write access is denied for files on read-only
file systems or shared-text programs being executed. Execute access
is allowed if and only if the file is not a regular file or the
execute bit is set in any of the file's ACL entries.
To use getaccess successfully, the caller must have search access in
every directory component of the path name of the file. getaccess
verifies search access first by using the caller's effective IDs,
regardless of the user and group IDs specified. This is distinct from
the case in which the caller can search the path but the user for whom
access is being checked does not have access to the file.
Note: a file name argument of - has no special meaning (such as
standard input) to getaccess.
EXTERNAL INFLUENCES [Toc] [Back]
LANG determines the language in which messages are displayed.
If LANG is not specified or is set to the empty string, a default of
"C" (see lang(5)) is used instead of LANG. If any
internationalization variable contains an invalid setting, getaccess
behaves as if all internationalization variables are set to "C". See
RETURN VALUE [Toc] [Back]
getaccess returns one of the following values:
0 Successful completion.
1 getaccess was invoked incorrectly or encountered an unknown
user or group name. An appropriate message is printed to
2 A file is nonexistent or unreachable (by the caller).
getaccess prints an appropriate message to standard error,
continues, then returns a value of 2 upon completion.
EXAMPLES [Toc] [Back]
The following command prints the caller's access rights to file1 using
the file's group ID instead of the caller's effective group ID and
Hewlett-Packard Company - 2 - HP-UX 11i Version 2: August 2003
getaccess -g@ file1
Here's how to check access by user ggd in groups red and 19 to all
files in the current directory, with access rights expressed as octal
getaccess -u ggd -g red,19 -n .* *
Here's how to list access rights for all files under mydir.
find mydir -print | sort | xargs getaccess
AUTHOR [Toc] [Back]
getaccess was developed by HP.
FILES [Toc] [Back]
SEE ALSO [Toc] [Back]
chacl(1), getacl(1), lsacl(1), setacl(1), getaccess(2), glossary(9).
Hewlett-Packard Company - 3 - HP-UX 11i Version 2: August 2003 [ Back ]