1 .\" Copyright (c) 1980, 1991, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. Neither the name of the University nor the names of its contributors
13 .\" may be used to endorse or promote products derived from this software
14 .\" without specific prior written permission.
16 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 .\" @(#)open.2 8.2 (Berkeley) 11/16/93
31 .Dd September 23, 2020
36 .Nd open or create a file for reading, writing or executing
42 .Fn open "const char *path" "int flags" "..."
44 .Fn openat "int fd" "const char *path" "int flags" "..."
46 The file name specified by
49 for either execution or reading and/or writing as specified by the
52 and the file descriptor returned to the calling process.
55 argument may indicate the file is to be
56 created if it does not exist (by specifying the
63 require an additional argument
65 and the file is created with mode
69 and modified by the process' umask value (see
74 function is equivalent to the
76 function except in the case where the
78 specifies a relative path, or the
85 the file to be opened is determined relative to the directory
86 associated with the file descriptor
88 instead of the current working directory.
91 parameter and the optional fourth parameter correspond exactly to
96 is passed the special value
100 parameter, the current working directory is used
101 and the behavior is identical to a call to
106 is called with an absolute
115 is specified with an absolute
117 a directory passed by the
119 argument is used as the topping point for the resolution.
122 is specified with a relative path, the
124 argument is used both as the starting point, and as the topping point
126 See the definition of the
139 must be strictly relative to a file descriptor
142 .Pa sys/kern/vfs_lookup.c .
144 must not be an absolute path and must not contain ".." components
145 which cause the path resolution to escape the directory hierarchy
148 Additionally, no symbolic link in
150 may target absolute path or contain escaping ".." components.
156 .Dv vfs.lookup_cap_dotdot
158 MIB is set to zero, ".." components in the paths,
159 used in capability mode, or with the
161 flag, are completely disabled.
163 .Dv vfs.lookup_cap_dotdot_nonlocal
164 MIB is set to zero, ".." is not allowed if found on non-local filesystem.
166 The flags specified are formed by
170 .Bd -literal -offset indent -compact
171 O_RDONLY open for reading only
172 O_WRONLY open for writing only
173 O_RDWR open for reading and writing
174 O_EXEC open for execute only
175 O_SEARCH open for search only, an alias for O_EXEC
176 O_NONBLOCK do not block on open
177 O_APPEND append on each write
178 O_CREAT create file if it does not exist
179 O_TRUNC truncate size to 0
180 O_EXCL error if create and file exists
181 O_SHLOCK atomically obtain a shared lock
182 O_EXLOCK atomically obtain an exclusive lock
183 O_DIRECT eliminate or reduce cache effects
184 O_FSYNC synchronous writes
185 O_SYNC synchronous writes
186 O_NOFOLLOW do not follow symlinks
189 O_DIRECTORY error if file is not a directory
190 O_CLOEXEC set FD_CLOEXEC upon open
191 O_VERIFY verify the contents of the file
192 O_BENEATH require resolved path to be strictly relative to topping directory
193 O_RESOLVE_BENEATH require walked path to be strictly relative to topping directory
198 set causes each write on the file
199 to be appended to the end.
203 file exists, the file is truncated to zero length.
213 implement a simple exclusive access locking mechanism.
216 is set and the last component of the pathname is
219 will fail even if the symbolic
220 link points to a non-existent name.
223 flag is specified and the
225 system call would result
226 in the process being blocked for some reason (e.g., waiting for
227 carrier on a dialup line),
230 The descriptor remains in non-blocking mode for subsequent operations.
234 is used in the mask, all writes will
235 immediately and synchronously be written to disk.
245 is used in the mask and the target file passed to
247 is a symbolic link then the
251 When opening a file, a lock with
253 semantics can be obtained by setting
255 for a shared lock, or
257 for an exclusive lock.
258 If creating a file with
260 the request for the lock will never fail
261 (provided that the underlying file system supports locking).
264 may be used to minimize or eliminate the cache effects of reading and writing.
265 The system will attempt to avoid caching the data you read or write.
266 If it cannot avoid caching the data,
267 it will minimize the impact the data has on the cache.
268 Use of this flag can drastically reduce performance if not used with care.
271 may be used to ensure the OS does not assign this file as the
272 controlling terminal when it opens a tty device.
273 This is the default on
280 system call will not assign controlling terminals on
284 may be used to ensure the OS restores the terminal attributes when
285 initially opening a TTY.
286 This is the default on
293 on a TTY will always restore default terminal attributes on
297 may be used to ensure the resulting file descriptor refers to a
299 This flag can be used to prevent applications with elevated privileges
300 from opening files which are even unsafe to open with
302 such as device nodes.
307 flag for the newly returned file descriptor.
310 may be used to indicate to the kernel that the contents of the file should
311 be verified before allowing the open to proceed.
314 means is implementation specific.
315 The run-time linker (rtld) uses this flag to ensure shared objects have
316 been verified before operating on them.
321 if the specified path, after resolving all symlinks and ".."
322 references, does not end up with tail residing in the directory hierarchy of
323 children beneath the topping directory.
324 Topping directory is the process current directory if relative
328 and the directory referenced by the
333 allows arbitrary prefix that ends up at the topping directory,
334 after which all further resolved components must be under it.
336 .Dv O_RESOLVE_BENEATH
339 if any intermediate component of the specified relative path does not
340 reside in the directory hierarchy beneath the topping directory.
343 absolute paths or even the temporal escape from beneath of the topping
344 directory is not allowed.
350 execute permissions are checked at open time.
353 may not be used for any read operations like
354 .Xr getdirentries 2 .
355 The primary use for this descriptor will be as the lookup descriptor for the
361 returns a non-negative integer, termed a file descriptor.
362 It returns \-1 on failure.
363 The file pointer used to mark the current position within the
364 file is set to the beginning of the file.
366 If a sleeping open of a device node from
368 is interrupted by a signal, the call always fails with
372 flag is set for the signal.
373 A sleeping open of a fifo (see
375 is restarted as normal.
377 When a new file is created it is given the group of the directory
383 the new descriptor is set to remain open across
392 The system imposes a limit on the number of file descriptors
393 open simultaneously by one process.
396 system call returns the current system limit.
402 return a non-negative integer, termed a file descriptor.
403 They return \-1 on failure, and set
405 to indicate the error.
407 The named file is opened unless:
410 A component of the path prefix is not a directory.
411 .It Bq Er ENAMETOOLONG
412 A component of a pathname exceeded 255 characters,
413 or an entire path name exceeded 1023 characters.
416 is not set and the named file does not exist.
418 A component of the path name that must exist does not exist.
420 Search permission is denied for a component of the path prefix.
422 The required permissions (for reading and/or writing)
423 are denied for the given flags.
426 is specified and write permission is denied.
430 the file does not exist,
431 and the directory in which it is to be created
432 does not permit writing.
435 is specified, the file does not exist, and the directory in which it is to be
436 created has its immutable flag set, see the
438 manual page for more information.
440 The named file has its immutable flag set and the file is to be modified.
442 The named file has its append-only flag set, the file is to be modified, and
448 Too many symbolic links were encountered in translating the pathname.
450 The named file is a directory, and the arguments specify
451 it is to be modified.
453 The named file is a directory, and the flags specified
458 The named file resides on a read-only file system,
459 and the file is to be modified.
462 is specified and the named file would reside on a read-only file system.
464 The process has already reached its limit for open file descriptors.
466 The system file table is full.
469 was specified and the target is a symbolic link.
471 The named file is a character special or block
472 special file, and the device associated with this special file
476 is set, the named file is a fifo,
478 is set, and no process has the file open for reading.
482 operation was interrupted by a signal.
487 is specified but the underlying file system does not support locking.
489 The named file is a special file mounted through a file system that
490 does not support access to it (e.g.\& NFS).
491 .It Bq Er EWOULDBLOCK
497 is specified and the file is locked.
501 the file does not exist,
502 and the directory in which the entry for the new file is being placed
503 cannot be extended because there is no space left on the file
504 system containing the directory.
508 the file does not exist,
509 and there are no free inodes on the file system on which the
510 file is being created.
514 the file does not exist,
515 and the directory in which the entry for the new file
516 is being placed cannot be extended because the
517 user's quota of disk blocks on the file system
518 containing the directory has been exhausted.
522 the file does not exist,
523 and the user's quota of inodes on the file system on
524 which the file is being created has been exhausted.
526 An I/O error occurred while making the directory entry or
527 allocating the inode for
530 Corrupted data was detected while reading from the file system.
532 The file is a pure procedure (shared text) file that is being
535 system call requests write access.
540 points outside the process's allocated address space.
545 were specified and the file exists.
547 An attempt was made to open a socket (not currently implemented).
549 An attempt was made to open a descriptor with an illegal combination
561 .Dv O_RESOLVE_BENEATH
562 flag is specified and
568 argument does not specify an absolute path and the
573 nor a valid file descriptor open for searching.
577 argument is not an absolute path and
581 nor a file descriptor associated with a directory.
584 is specified and the file is not a directory.
587 is specified and the process is in capability mode.
590 was called and the process is in capability mode.
591 .It Bq Er ENOTCAPABLE
594 or contained a ".." component leading to a
595 directory outside of the directory hierarchy specified by
597 and the process is in capability mode.
598 .It Bq Er ENOTCAPABLE
601 flag was provided, and the absolute
603 does not have its tail fully contained under the topping directory,
607 .It Bq Er ENOTCAPABLE
609 .Dv O_RESOLVE_BENEATH
610 flag was provided, and the relative
612 escapes topping directory.
620 .Xr getdtablesize 2 ,
630 These functions are specified by
636 .Er EMLINK instead of
642 is set in flags and the final component of pathname is a symbolic link
643 to distinguish it from the case of too many symbolic link traversals
644 in one of its non-final components.
652 function was introduced in
655 The Open Group Extended API Set 2 specification requires that the test
658 is searchable is based on whether
660 is open for searching, not whether the underlying directory currently
662 The present implementation of the
664 checks the current permissions of directory instead.
668 argument is variadic and may result in different calling conventions
669 than might otherwise be expected.