1 .\" Copyright (c) 1980, 1991, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. Neither the name of the University nor the names of its contributors
13 .\" may be used to endorse or promote products derived from this software
14 .\" without specific prior written permission.
16 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 .\" @(#)open.2 8.2 (Berkeley) 11/16/93
36 .Nd open or create a file for reading, writing or executing
42 .Fn open "const char *path" "int flags" "..."
44 .Fn openat "int fd" "const char *path" "int flags" "..."
46 The file name specified by
49 for either execution or reading and/or writing as specified by the
52 and the file descriptor returned to the calling process.
55 argument may indicate the file is to be
56 created if it does not exist (by specifying the
63 require an additional argument
65 and the file is created with mode
69 and modified by the process' umask value (see
74 function is equivalent to the
76 function except in the case where the
78 specifies a relative path.
83 the file to be opened is determined relative to the directory
84 associated with the file descriptor
86 instead of the current working directory.
89 parameter and the optional fourth parameter correspond exactly to
94 is passed the special value
98 parameter, the current working directory is used
99 and the behavior is identical to a call to
104 is called with an absolute
119 must be strictly relative to a file descriptor
122 must not be an absolute path and must not contain ".." components
123 which cause the path resolution to escape the directory hierarchy
126 Additionally, no symbolic link in
128 may target absolute path or contain escaping ".." components.
134 .Dv vfs.lookup_cap_dotdot
136 MIB is set to zero, ".." components in the paths,
137 used in capability mode,
138 are completely disabled.
140 .Dv vfs.lookup_cap_dotdot_nonlocal
141 MIB is set to zero, ".." is not allowed if found on non-local filesystem.
143 The flags specified are formed by
147 .Bd -literal -offset indent -compact
148 O_RDONLY open for reading only
149 O_WRONLY open for writing only
150 O_RDWR open for reading and writing
151 O_EXEC open for execute only
152 O_SEARCH open for search only, an alias for O_EXEC
153 O_NONBLOCK do not block on open
154 O_APPEND append on each write
155 O_CREAT create file if it does not exist
156 O_TRUNC truncate size to 0
157 O_EXCL error if create and file exists
158 O_SHLOCK atomically obtain a shared lock
159 O_EXLOCK atomically obtain an exclusive lock
160 O_DIRECT eliminate or reduce cache effects
161 O_FSYNC synchronous writes (historical synonym for O_SYNC)
162 O_SYNC synchronous writes
163 O_DSYNC synchronous data writes
164 O_NOFOLLOW do not follow symlinks
167 O_DIRECTORY error if file is not a directory
168 O_CLOEXEC set FD_CLOEXEC upon open
169 O_VERIFY verify the contents of the file
170 O_RESOLVE_BENEATH path resolution must not cross the fd directory
175 set causes each write on the file
176 to be appended to the end.
180 file exists, the file is truncated to zero length.
190 implement a simple exclusive access locking mechanism.
193 is set and the last component of the pathname is
196 will fail even if the symbolic
197 link points to a non-existent name.
200 flag is specified and the
202 system call would result
203 in the process being blocked for some reason (e.g., waiting for
204 carrier on a dialup line),
207 The descriptor remains in non-blocking mode for subsequent operations.
211 is used in the mask, all writes will
212 immediately and synchronously be written to disk.
214 is an historical synonym for
219 is used in the mask, all data and metadata required to read the data will be
220 synchronously written to disk, but changes to metadata such as file access and
221 modification timestamps may be written later.
225 is used in the mask and the target file passed to
227 is a symbolic link then the
231 When opening a file, a lock with
233 semantics can be obtained by setting
235 for a shared lock, or
237 for an exclusive lock.
238 If creating a file with
240 the request for the lock will never fail
241 (provided that the underlying file system supports locking).
244 may be used to minimize or eliminate the cache effects of reading and writing.
245 The system will attempt to avoid caching the data you read or write.
246 If it cannot avoid caching the data,
247 it will minimize the impact the data has on the cache.
248 Use of this flag can drastically reduce performance if not used with care.
251 may be used to ensure the OS does not assign this file as the
252 controlling terminal when it opens a tty device.
253 This is the default on
260 system call will not assign controlling terminals on
264 may be used to ensure the OS restores the terminal attributes when
265 initially opening a TTY.
266 This is the default on
273 on a TTY will always restore default terminal attributes on
277 may be used to ensure the resulting file descriptor refers to a
279 This flag can be used to prevent applications with elevated privileges
280 from opening files which are even unsafe to open with
282 such as device nodes.
287 flag for the newly returned file descriptor.
290 may be used to indicate to the kernel that the contents of the file should
291 be verified before allowing the open to proceed.
294 means is implementation specific.
295 The run-time linker (rtld) uses this flag to ensure shared objects have
296 been verified before operating on them.
298 .Dv O_RESOLVE_BENEATH
301 if any intermediate component of the specified relative path does not
302 reside in the directory hierarchy beneath the starting directory.
303 Absolute paths or even the temporal escape from beneath of the starting
304 directory is not allowed.
310 execute permissions are checked at open time.
313 may not be used for any read operations like
314 .Xr getdirentries 2 .
315 The primary use for this descriptor will be as the lookup descriptor for the
321 returns a non-negative integer, termed a file descriptor.
322 It returns \-1 on failure.
323 The file pointer used to mark the current position within the
324 file is set to the beginning of the file.
326 If a sleeping open of a device node from
328 is interrupted by a signal, the call always fails with
332 flag is set for the signal.
333 A sleeping open of a fifo (see
335 is restarted as normal.
337 When a new file is created it is given the group of the directory
343 the new descriptor is set to remain open across
352 The system imposes a limit on the number of file descriptors
353 open simultaneously by one process.
356 system call returns the current system limit.
362 return a non-negative integer, termed a file descriptor.
363 They return \-1 on failure, and set
365 to indicate the error.
367 The named file is opened unless:
370 A component of the path prefix is not a directory.
371 .It Bq Er ENAMETOOLONG
372 A component of a pathname exceeded 255 characters,
373 or an entire path name exceeded 1023 characters.
376 is not set and the named file does not exist.
378 A component of the path name that must exist does not exist.
380 Search permission is denied for a component of the path prefix.
382 The required permissions (for reading and/or writing)
383 are denied for the given flags.
386 is specified and write permission is denied.
390 the file does not exist,
391 and the directory in which it is to be created
392 does not permit writing.
395 is specified, the file does not exist, and the directory in which it is to be
396 created has its immutable flag set, see the
398 manual page for more information.
400 The named file has its immutable flag set and the file is to be modified.
402 The named file has its append-only flag set, the file is to be modified, and
408 Too many symbolic links were encountered in translating the pathname.
410 The named file is a directory, and the arguments specify
411 it is to be modified.
413 The named file is a directory, and the flags specified
418 The named file resides on a read-only file system,
419 and the file is to be modified.
422 is specified and the named file would reside on a read-only file system.
424 The process has already reached its limit for open file descriptors.
426 The system file table is full.
429 was specified and the target is a symbolic link.
431 The named file is a character special or block
432 special file, and the device associated with this special file
436 is set, the named file is a fifo,
438 is set, and no process has the file open for reading.
442 operation was interrupted by a signal.
447 is specified but the underlying file system does not support locking.
449 The named file is a special file mounted through a file system that
450 does not support access to it (e.g.\& NFS).
451 .It Bq Er EWOULDBLOCK
457 is specified and the file is locked.
461 the file does not exist,
462 and the directory in which the entry for the new file is being placed
463 cannot be extended because there is no space left on the file
464 system containing the directory.
468 the file does not exist,
469 and there are no free inodes on the file system on which the
470 file is being created.
474 the file does not exist,
475 and the directory in which the entry for the new file
476 is being placed cannot be extended because the
477 user's quota of disk blocks on the file system
478 containing the directory has been exhausted.
482 the file does not exist,
483 and the user's quota of inodes on the file system on
484 which the file is being created has been exhausted.
486 An I/O error occurred while making the directory entry or
487 allocating the inode for
490 Corrupted data was detected while reading from the file system.
492 The file is a pure procedure (shared text) file that is being
495 system call requests write access.
500 points outside the process's allocated address space.
505 were specified and the file exists.
507 An attempt was made to open a socket (not currently implemented).
509 An attempt was made to open a descriptor with an illegal combination
521 .Dv O_RESOLVE_BENEATH
522 flag is specified and
528 argument does not specify an absolute path and the
533 nor a valid file descriptor open for searching.
537 argument is not an absolute path and
541 nor a file descriptor associated with a directory.
544 is specified and the file is not a directory.
547 is specified and the process is in capability mode.
550 was called and the process is in capability mode.
551 .It Bq Er ENOTCAPABLE
554 or contained a ".." component leading to a
555 directory outside of the directory hierarchy specified by
557 and the process is in capability mode.
558 .It Bq Er ENOTCAPABLE
560 .Dv O_RESOLVE_BENEATH
561 flag was provided, and the relative
573 .Xr getdtablesize 2 ,
583 These functions are specified by
589 .Er EMLINK instead of
595 is set in flags and the final component of pathname is a symbolic link
596 to distinguish it from the case of too many symbolic link traversals
597 in one of its non-final components.
605 function was introduced in
610 The Open Group Extended API Set 2 specification requires that the test
613 is searchable is based on whether
615 is open for searching, not whether the underlying directory currently
617 The present implementation of the
619 checks the current permissions of directory instead.
623 argument is variadic and may result in different calling conventions
624 than might otherwise be expected.