1 .\" Copyright (c) 1980, 1991, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. Neither the name of the University nor the names of its contributors
13 .\" may be used to endorse or promote products derived from this software
14 .\" without specific prior written permission.
16 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 .Nd open or create a file for reading, writing or executing
39 .Fn open "const char *path" "int flags" "..."
41 .Fn openat "int fd" "const char *path" "int flags" "..."
43 The file name specified by
46 for either execution or reading and/or writing as specified by the
49 and the file descriptor returned to the calling process.
52 argument may indicate the file is to be
53 created if it does not exist (by specifying the
60 require an additional argument
62 and the file is created with mode
66 and modified by the process' umask value (see
71 function is equivalent to the
73 function except in the case where the
75 specifies a relative path.
80 the file to be opened is determined relative to the directory
81 associated with the file descriptor
83 instead of the current working directory.
86 parameter and the optional fourth parameter correspond exactly to
91 is passed the special value
95 parameter, the current working directory is used
96 and the behavior is identical to a call to
101 is called with an absolute
116 must be strictly relative to a file descriptor
119 must not be an absolute path and must not contain ".." components
120 which cause the path resolution to escape the directory hierarchy
123 Additionally, no symbolic link in
125 may target absolute path or contain escaping ".." components.
131 .Dv vfs.lookup_cap_dotdot
133 MIB is set to zero, ".." components in the paths,
134 used in capability mode,
135 are completely disabled.
137 .Dv vfs.lookup_cap_dotdot_nonlocal
138 MIB is set to zero, ".." is not allowed if found on non-local filesystem.
140 The flags specified are formed by
144 .Bd -literal -offset indent -compact
145 O_RDONLY open for reading only
146 O_WRONLY open for writing only
147 O_RDWR open for reading and writing
148 O_EXEC open for execute only
149 O_SEARCH open for search only, an alias for O_EXEC
150 O_NONBLOCK do not block on open
151 O_APPEND append on each write
152 O_CREAT create file if it does not exist
153 O_TRUNC truncate size to 0
154 O_EXCL error if create and file exists
155 O_SHLOCK atomically obtain a shared lock
156 O_EXLOCK atomically obtain an exclusive lock
157 O_DIRECT eliminate or reduce cache effects
158 O_FSYNC synchronous writes (historical synonym for O_SYNC)
159 O_SYNC synchronous writes
160 O_DSYNC synchronous data writes
161 O_NOFOLLOW do not follow symlinks
164 O_DIRECTORY error if file is not a directory
165 O_CLOEXEC set FD_CLOEXEC upon open
166 O_VERIFY verify the contents of the file
167 O_RESOLVE_BENEATH path resolution must not cross the fd directory
168 O_PATH record only the target path in the opened descriptor
169 O_EMPTY_PATH openat, open file referenced by fd if path is empty
174 set causes each write on the file
175 to be appended to the end.
179 file exists, the file is truncated to zero length.
189 implement a simple exclusive access locking mechanism.
192 is set and the last component of the pathname is
195 will fail even if the symbolic
196 link points to a non-existent name.
199 flag is specified and the
201 system call would result
202 in the process being blocked for some reason (e.g., waiting for
203 carrier on a dialup line),
206 The descriptor remains in non-blocking mode for subsequent operations.
210 is used in the mask, all writes will
211 immediately and synchronously be written to disk.
213 is an historical synonym for
218 is used in the mask, all data and metadata required to read the data will be
219 synchronously written to disk, but changes to metadata such as file access and
220 modification timestamps may be written later.
224 is used in the mask and the target file passed to
226 is a symbolic link then the
230 When opening a file, a lock with
232 semantics can be obtained by setting
234 for a shared lock, or
236 for an exclusive lock.
237 If creating a file with
239 the request for the lock will never fail
240 (provided that the underlying file system supports locking).
243 may be used to minimize or eliminate the cache effects of reading and writing.
244 The system will attempt to avoid caching the data you read or write.
245 If it cannot avoid caching the data,
246 it will minimize the impact the data has on the cache.
247 Use of this flag can drastically reduce performance if not used with care.
250 may be used to ensure the OS does not assign this file as the
251 controlling terminal when it opens a tty device.
252 This is the default on
259 system call will not assign controlling terminals on
263 may be used to ensure the OS restores the terminal attributes when
264 initially opening a TTY.
265 This is the default on
272 on a TTY will always restore default terminal attributes on
276 may be used to ensure the resulting file descriptor refers to a
278 This flag can be used to prevent applications with elevated privileges
279 from opening files which are even unsafe to open with
281 such as device nodes.
286 flag for the newly returned file descriptor.
289 may be used to indicate to the kernel that the contents of the file should
290 be verified before allowing the open to proceed.
293 means is implementation specific.
294 The run-time linker (rtld) uses this flag to ensure shared objects have
295 been verified before operating on them.
297 .Dv O_RESOLVE_BENEATH
300 if any intermediate component of the specified relative path does not
301 reside in the directory hierarchy beneath the starting directory.
302 Absolute paths or even the temporal escape from beneath of the starting
303 directory is not allowed.
309 execute permissions are checked at open time.
312 may not be used for any read operations like
313 .Xr getdirentries 2 .
314 The primary use for this descriptor will be as the lookup descriptor for the
319 returns a file descriptor that can be used as a directory file descriptor for
321 and other system calls taking a file descriptor argument, like
324 The other functionality of the returned file descriptor is limited to
325 the descriptor-level operations.
327 .Bl -tag -width readlinkat(2) -offset indent -compact
329 but advisory locking is not allowed
344 .It Xr __acl_get_fd 2 , Xr __acl_aclcheck_fd 2
349 and any other that operate on file and not on file descriptor (except
353 A file descriptor created with the
355 flag can be opened into normal (operable) file descriptor by
364 Such an open behaves as if the current path of the file referenced by
366 is passed, except that the path walk permissions are not checked.
367 See also the description of
371 and related syscalls.
375 returns a non-negative integer, termed a file descriptor.
376 It returns \-1 on failure.
377 The file pointer used to mark the current position within the
378 file is set to the beginning of the file.
380 If a sleeping open of a device node from
382 is interrupted by a signal, the call always fails with
386 flag is set for the signal.
387 A sleeping open of a fifo (see
389 is restarted as normal.
391 When a new file is created it is given the group of the directory
397 the new descriptor is set to remain open across
406 The system imposes a limit on the number of file descriptors
407 open simultaneously by one process.
410 system call returns the current system limit.
416 return a non-negative integer, termed a file descriptor.
417 They return \-1 on failure, and set
419 to indicate the error.
421 The named file is opened unless:
424 A component of the path prefix is not a directory.
425 .It Bq Er ENAMETOOLONG
426 A component of a pathname exceeded 255 characters,
427 or an entire path name exceeded 1023 characters.
430 is not set and the named file does not exist.
432 A component of the path name that must exist does not exist.
434 Search permission is denied for a component of the path prefix.
436 The required permissions (for reading and/or writing)
437 are denied for the given flags.
440 is specified and write permission is denied.
444 the file does not exist,
445 and the directory in which it is to be created
446 does not permit writing.
449 is specified, the file does not exist, and the directory in which it is to be
450 created has its immutable flag set, see the
452 manual page for more information.
454 The named file has its immutable flag set and the file is to be modified.
456 The named file has its append-only flag set, the file is to be modified, and
462 Too many symbolic links were encountered in translating the pathname.
464 The named file is a directory, and the arguments specify
465 it is to be modified.
467 The named file is a directory, and the flags specified
472 The named file resides on a read-only file system,
473 and the file is to be modified.
476 is specified and the named file would reside on a read-only file system.
478 The process has already reached its limit for open file descriptors.
480 The system file table is full.
483 was specified and the target is a symbolic link.
485 The named file is a character special or block
486 special file, and the device associated with this special file
490 is set, the named file is a fifo,
492 is set, and no process has the file open for reading.
496 operation was interrupted by a signal.
501 is specified but the underlying file system does not support locking.
503 The named file is a special file mounted through a file system that
504 does not support access to it (e.g.\& NFS).
505 .It Bq Er EWOULDBLOCK
511 is specified and the file is locked.
515 the file does not exist,
516 and the directory in which the entry for the new file is being placed
517 cannot be extended because there is no space left on the file
518 system containing the directory.
522 the file does not exist,
523 and there are no free inodes on the file system on which the
524 file is being created.
528 the file does not exist,
529 and the directory in which the entry for the new file
530 is being placed cannot be extended because the
531 user's quota of disk blocks on the file system
532 containing the directory has been exhausted.
536 the file does not exist,
537 and the user's quota of inodes on the file system on
538 which the file is being created has been exhausted.
540 An I/O error occurred while making the directory entry or
541 allocating the inode for
544 Corrupted data was detected while reading from the file system.
546 The file is a pure procedure (shared text) file that is being
549 system call requests write access.
554 points outside the process's allocated address space.
559 were specified and the file exists.
561 An attempt was made to open a socket (not currently implemented).
563 An attempt was made to open a descriptor with an illegal combination
576 argument does not specify an absolute path and the
581 nor a valid file descriptor open for searching.
585 argument is not an absolute path and
589 nor a file descriptor associated with a directory.
592 is specified and the file is not a directory.
595 is specified and the process is in capability mode.
598 was called and the process is in capability mode.
599 .It Bq Er ENOTCAPABLE
601 is an absolute path and the process is in capability mode.
602 .It Bq Er ENOTCAPABLE
604 is an absolute path and
605 .Dv O_RESOLVE_BENEATH
607 .It Bq Er ENOTCAPABLE
609 contains a ".." component leading to a directory outside
610 of the directory hierarchy specified by
612 and the process is in capability mode.
613 .It Bq Er ENOTCAPABLE
615 contains a ".." component leading to a directory outside
616 of the directory hierarchy specified by
619 .Dv O_RESOLVE_BENEATH
621 .It Bq Er ENOTCAPABLE
623 contains a ".." component, the
624 .Dv vfs.lookup_cap_dotdot
626 is set, and the process is in capability mode.
634 .Xr getdtablesize 2 ,
644 These functions are specified by
650 .Er EMLINK instead of
656 is set in flags and the final component of pathname is a symbolic link
657 to distinguish it from the case of too many symbolic link traversals
658 in one of its non-final components.
666 function was introduced in
671 The Open Group Extended API Set 2 specification requires that the test
674 is searchable is based on whether
676 is open for searching, not whether the underlying directory currently
678 The present implementation of the
680 checks the current permissions of directory instead.
684 argument is variadic and may result in different calling conventions
685 than might otherwise be expected.