unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (HP-UX-11.11)
Page:
Section:
Apropos / Subsearch:
optional field



 getaccess(1)							getaccess(1)




 NAME
      getaccess - list access rights to file(s)

 SYNOPSIS
      getaccess [-u user] [-g user] group[,group]...] [-n] file ...

      getaccess -r [-n] file ...

 DESCRIPTION
      getaccess lists for the specified files the effective access rights of
      the caller (that is, for their effective user ID, effective group ID,
      and supplementary groups list).  By default, the command prints a
      symbolic representation of the user's access rights to the named file:
      r or - for read/no read, w or - for write/no write, and x or - for
      execute/no execute (for directories, search/no search), followed by
      the file name.

    Options
      getaccess recognizes the following options and command-line arguments:

	   -u user	  List access for the given user instead of the
			  caller.  A user can be a known user name, a valid
			  ID number, or @, representing the file's owner ID.
			  If information about more than one file is
			  requested, the value of @ can differ for each.

			  This option sets the user ID only.  The access
			  check is made with the caller's effective group ID
			  and supplementary group IDs unless -g is also
			  specified.

	   -g group[,group]...]
			  List access for the given group(s) instead of the
			  caller's effective group ID and supplementary
			  groups list.	A group can be a known group name, a
			  valid ID number, or @, representing the file's
			  group ID.  If information about more than one file
			  is requested, the value of @ can differ for each.

	   -r		  List access using the caller's real user ID, group
			  ID, and supplementary groups list, instead of
			  effective ID values.

	   -n		  List access rights numerically (octal digits 0..7
			  instead of rwx) for each file requested.  The bit
			  values R_OK, W_OK, and X_OK are defined in the
			  file <unistd.h>.

      Checking access using access control lists is described in acl(5) and
      aclv(5).




 Hewlett-Packard Company	    - 1 -   HP-UX Release 11i: November 2000






 getaccess(1)							getaccess(1)




      In addition, the write bit is cleared for files on read-only file
      systems or shared-text programs being executed.  The execute bit is
      not turned off for shared-text programs open for writing because it is
      not possible to ascertain whether a file open for writing is a
      shared-text program.

      Processes with appropriate privileges have read and write access to
      all files.  However, write access is denied for files on read-only
      file systems or shared-text programs being executed.  Execute access
      is allowed if and only if the file is not a regular file or the
      execute bit is set in any of the file's ACL entries.

      To use getaccess successfully, the caller must have search access in
      every directory component of the path name of the file.  getaccess
      verifies search access first by using the caller's effective IDs,
      regardless of the user and group IDs specified.  This is distinct from
      the case in which the caller can search the path but the user for whom
      access is being checked does not have access to the file.

      Note: a file name argument of - has no special meaning (such as
      standard input) to getaccess.

 EXTERNAL INFLUENCES
    Environment Variables
      LANG determines the language in which messages are displayed.

      If LANG is not specified or is set to the empty string, a default of
      "C" (see lang(5)) is used instead of LANG.  If any
      internationalization variable contains an invalid setting, getaccess
      behaves as if all internationalization variables are set to "C".	See
      environ(5).

 RETURN VALUE
      getaccess returns one of the following values:

	   0	Successful completion.

	   1	getaccess was invoked incorrectly or encountered an unknown
		user or group name.  An appropriate message is printed to
		standard error.

	   2	A file is nonexistent or unreachable (by the caller).
		getaccess prints an appropriate message to standard error,
		continues, then returns a value of 2 upon completion.

 EXAMPLES
      The following command prints the caller's access rights to file1 using
      the file's group ID instead of the caller's effective group ID and
      groups list.





 Hewlett-Packard Company	    - 2 -   HP-UX Release 11i: November 2000






 getaccess(1)							getaccess(1)




	   getaccess -g@ file1

      Here's how to check access by user ggd in groups red and 19 to all
      files in the current directory, with access rights expressed as octal
      values.

	   getaccess -u ggd -g red,19 -n .* *

      Here's how to list access rights for all files under mydir.

	   find mydir -print | sort | xargs getaccess

 AUTHOR
      getaccess was developed by HP.

 FILES
      /etc/passwd
      /etc/group

 SEE ALSO
      chacl(1), getacl(1), lsacl(1), setacl(1), getaccess(2), glossary(9).

































 Hewlett-Packard Company	    - 3 -   HP-UX Release 11i: November 2000