summaryrefslogtreecommitdiffstats
path: root/man2/path_resolution.2
diff options
context:
space:
mode:
Diffstat (limited to 'man2/path_resolution.2')
-rw-r--r--man2/path_resolution.2212
1 files changed, 212 insertions, 0 deletions
diff --git a/man2/path_resolution.2 b/man2/path_resolution.2
new file mode 100644
index 000000000..ec6dcd3de
--- /dev/null
+++ b/man2/path_resolution.2
@@ -0,0 +1,212 @@
+.\" Copyright (C) 2003 Andries Brouwer (aeb@cwi.nl)
+.\"
+.\" Permission is granted to make and distribute verbatim copies of this
+.\" manual provided the copyright notice and this permission notice are
+.\" preserved on all copies.
+.\"
+.\" Permission is granted to copy and distribute modified versions of this
+.\" manual under the conditions for verbatim copying, provided that the
+.\" entire resulting derived work is distributed under the terms of a
+.\" permission notice identical to this one.
+.\"
+.\" Since the Linux kernel and libraries are constantly changing, this
+.\" manual page may be incorrect or out-of-date. The author(s) assume no
+.\" responsibility for errors or omissions, or for damages resulting from
+.\" the use of the information contained herein. The author(s) may not
+.\" have taken the same level of care in the production of this manual,
+.\" which is licensed free of charge, as they might when working
+.\" professionally.
+.\"
+.\" Formatted or processed versions of this manual, if unaccompanied by
+.\" the source, must acknowledge the copyright and authors of this work.
+.\"
+.TH PATH_RESOLUTION 2 2004-06-21 "Linux 2.6.7" "Linux Programmer's Manual"
+.SH NAME
+Unix/Linux path resolution \- find the file referred to by a filename
+.SH DESCRIPTION
+Some Unix/Linux system calls have as parameter one or more filenames.
+A filename (or pathname) is resolved as follows.
+
+.SS "Step 1: Start of the resolution process"
+If the pathname starts with the '/' character, the starting lookup directory
+is the root directory of the current process. (A process inherits its
+root directory from its parent. Usually this will be the root directory
+of the file hierarchy. A process may get a different root directory
+by use of the
+.BR chroot (2)
+system call. A process may get an entirely private namespace in case
+it - or one of its ancestors - was started by an invocation of the
+.BR clone (2)
+system call that had the CLONE_NEWNS flag set.)
+This handles the '/' part of the pathname.
+
+If the pathname does not start with the '/' character, the
+starting lookup directory of the resolution process is the current working
+directory of the process. (This is also inherited from the parent.
+It can be changed by use of the
+.BR chdir (2)
+system call.)
+
+Pathnames starting with a '/' character are called absolute pathnames.
+Pathnames not starting with a '/' are called relative pathnames.
+
+.SS "Step 2: Walk along the path"
+Set the current lookup directory to the starting lookup directory.
+Now, for each non-final component of the pathname, where a component
+is a substring delimited by '/' characters, this component is looked up
+in the current lookup directory.
+
+If the process does not have search permission on the current lookup directory,
+an EACCES error is returned ("Permission denied").
+
+If the component is not found, an ENOENT error is returned
+("No such file or directory").
+
+If the component is found, but is neither a directory nor a symbolic link,
+an ENOTDIR error is returned ("Not a directory").
+
+If the component is found and is a directory, we set the
+current lookup directory to that directory, and go to the
+next component.
+
+If the component is found and is a symbolic link (symlink), we first
+resolve this symbolic link (with the current lookup directory
+as starting lookup directory). Upon error, that error is returned.
+If the result is not a directory, an ENOTDIR error is returned.
+If the resolution of the symlink is successful and returns a directory,
+we set the current lookup directory to that directory, and go to
+the next component.
+Note that the resolution process here involves recursion.
+In order to protect the kernel against stack overflow, and also
+to protect against denial of service, there are limits on the
+maximum recursion depth, and on the maximum number of symlinks
+followed. An ELOOP error is returned when the maximum is
+exceeded ("Too many levels of symbolic links").
+.\"
+.\" presently: max recursion depth during symlink resolution: 5
+.\" max total number of symlinks followed: 40
+.\" _POSIX_SYMLOOP_MAX is 8
+
+.SS "Step 3: Find the final entry"
+The lookup of the final component of the pathname goes just like
+that of all other components, as described in the previous step,
+with two differences: (i) the final component need not be a
+directory (at least as far as the path resolution process is concerned -
+it may have to be a directory, or a non-directory, because of
+the requirements of the specific system call), and (ii) it
+is not necessarily an error if the component is not found -
+maybe we are just creating it. The details on the treatment
+of the final entry are described in the manual pages of the specific
+system calls.
+
+.SS ". and .."
+By convention, every directory has the entries "." and "..",
+which refer to the directory itself and to its parent directory,
+respectively.
+
+The path resolution process will assume that these entries have
+their conventional meanings, regardless of whether they are
+actually present in the physical filesystem.
+
+One cannot walk down past the root: "/.." is the same as "/".
+
+.SS "Mount points"
+After a "mount dev path" command, the pathname "path" refers to
+the root of the filesystem hierarchy on the device "dev", and no
+longer to whatever it referred to earlier.
+
+One can walk out of a mounted filesystem: "path/.." refers to
+the parent directy of "path", outside of the filesystem hierarchy on "dev".
+
+.SS "Trailing slashes"
+If a pathname ends in a '/', that forces resolution of the preceding
+component as in Step 2 - it has to exist and resolve to a directory.
+Otherwise a trailing '/' is ignored.
+(Or, equivalently, a pathname with a trailing '/' is equivalent to
+the pathname obtained by appending '.' to it.)
+
+.SS "Final symlink"
+If the last component of a pathname is a symbolic link, then it
+depends on the system call whether the file referred to will be
+the symbolic link or the result of path resolution on its contents.
+For example, the system call
+.BR lstat (2)
+will operate on the symlink, while
+.BR stat (2)
+operates on the file pointed to by the symlink.
+
+.SS "Length limit"
+There is a maximum length for pathnames. If the pathname (or some
+intermediate pathname obtained while resolving symbolic links)
+is too long, an ENAMETOOLONG error is returned ("File name too long").
+
+.SS "Empty pathname"
+In the original Unix, the empty pathname referred to the current directory.
+Nowadays POSIX decrees that an empty pathname must not be resolved
+successfully. Linux returns ENOENT in this case.
+
+.SS "Permissions"
+The permission bits of a file consist of three groups of three bits, cf.\&
+.BR chmod (1)
+and
+.BR stat (2).
+The first group of three is used when the effective user ID of
+the current process equals the owner ID of the file. The second group
+of three is used when the group ID of the file either equals the
+effective group ID of the current process, or is one of the
+supplementary group IDs of the current process (as set by
+.BR setgroups (2)).
+When neither holds, the third group is used.
+
+Of the three bits used, the first bit determines read permission,
+the second write permission, and the last execute permission
+in case of ordinary files, or search permission in case of directories.
+
+Linux uses the fsuid instead of the effective user ID in permission checks.
+Ordinarily the fsuid will equal the effective user ID, but the fsuid can be
+changed by the system call
+.BR setfsuid (2).
+
+(Here "fsuid" stands for something like "file system user ID".
+The concept was required for the implementation of a user space
+NFS server at a time when processes could send a signal to a process
+with the same effective user ID. It is obsolete now. Nobody should use
+.BR setfsuid (2).)
+
+Similarly, Linux uses the fsgid instead of the effective group ID. See
+.BR setfsgid (2).
+
+.\" say sth on fs mounted read-only ?
+
+.SS "Capabilities"
+If the permission bits of the file deny whatever is asked, permission
+can still be granted by the appropriate capabilities.
+
+Traditional systems do not use capabilities and root (user ID 0) is
+all-powerful. Such systems are presently (2.6.7) handled by giving root
+all capabilities except for CAP_SETPCAP. More precisely, at exec time
+a process gets all capabilities except CAP_SETPCAP and the five capabilities
+CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH, CAP_FOWNER, CAP_FSETID,
+in case it has zero euid, and it gets these last five capabilities
+in case it has zero fsuid, while all other processes get no capabilities.
+
+The CAP_DAC_OVERRIDE capability overrides all permission checking,
+but will only grant execute permission when at least one
+of the three execute permission bits is set.
+
+The CAP_DAC_READ_SEARCH capability will grant read and search permission
+on directories, and read permission on ordinary files.
+
+.\" Is there a better place for this?
+The CAP_SYS_ADMIN capability will (e.g.) allow a process to violate
+the limit (visible in
+.IR /proc/sys/fs/file-max )
+on the maximum number of open files in the system, where a process
+lacking that capability would see an ENFILE error return.
+
+.\" say sth on immutable files
+
+.\" say sth on ACLs
+
+.SH "SEE ALSO"
+.BR capabilities (7)
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-14 11:25:42 +0000