getaccess(1)getaccess(1)NAMEgetaccess - list access rights to file(s)SYNOPSIS
user] user] group[,group]...] file ...
lists for the specified files the effective access rights of the caller
(that is, for their effective user ID, effective group ID, and supple‐
mentary groups list). By default, the command prints a symbolic repre‐
sentation of the user's access rights to the named file: or for read/no
read, or for write/no write, and or for execute/no execute (for direc‐
tories, search/no search), followed by the file name.
recognizes the following options and command-line arguments:
List access for the given user instead of the caller.
A user can be a known user name, a valid ID num‐
ber, or @, representing the file's owner ID. If
information about more than one file is
requested, the value of @ can differ for each.
This option sets the user ID only. The access
check is made with the caller's effective group
ID and supplementary group IDs unless is also
List access for the given group(s) instead of the caller's
ID and supplementary groups list. A group can be
a known group name, a valid ID number, or @, rep‐
resenting the file's group ID. If information
about more than one file is requested, the value
of @ can differ for each.
List access using the caller's real user
ID, group ID, and supplementary groups list,
instead of effective ID values.
List access rights numerically
(octal digits instead of for each file requested.
The bit values and are defined in the file
Checking access using access control lists is described in acl(5) and
In addition, the write bit is cleared for files on read-only file sys‐
tems or shared-text programs being executed. The execute bit is not
turned off for shared-text programs open for writing because it is not
possible to ascertain whether a file open for writing is a shared-text
Processes with appropriate privileges have read and write access to all
files. However, write access is denied for files on read-only file
systems or shared-text programs being executed. Execute access is
allowed if and only if the file is not a regular file or the execute
bit is set in any of the file's ACL entries.
To use successfully, the caller must have search access in every direc‐
tory component of the path name of the file. verifies search access
first by using the caller's effective IDs, regardless of the user and
group IDs specified. This is distinct from the case in which the call‐
er can search the path but the user for whom access is being checked
does not have access to the file.
Note: a file name argument of has no special meaning (such as standard
determines the language in which messages are displayed.
If is not specified or is set to the empty string, a default of "C"
(see lang(5)) is used instead of If any internationalization variable
contains an invalid setting, behaves as if all internationalization
variables are set to "C". See environ(5).
returns one of the following values:
0 Successful completion.
1 was invoked incorrectly or encountered an unknown user or
group name. An appropriate message is printed to standard
2 A file is nonexistent or unreachable (by the caller).
prints an appropriate message to standard error, continues,
then returns a value of 2 upon completion.
The following command prints the caller's access rights to file1 using
the file's group ID instead of the caller's effective group ID and
Here's how to check access by user in groups and to all files in the
current directory, with access rights expressed as octal values.
Here's how to list access rights for all files under
was developed by HP.
FILESSEE ALSOchacl(1), getacl(1), lsacl(1), setacl(1), getaccess(2), glossary(9).