1 .\" This manpage is Copyright (C) 1992 Drew Eckhardt;
2 .\" and Copyright (C) 1993 Michael Haardt, Ian Jackson.
3 .\" and Copyright (C) 2008 Greg Banks
4 .\" and Copyright (C) 2006, 2008, 2013, 2014 Michael Kerrisk <mtk.manpages@gmail.com>
6 .\" SPDX-License-Identifier: Linux-man-pages-copyleft
8 .\" Modified 1993-07-21 by Rik Faith <faith@cs.unc.edu>
9 .\" Modified 1994-08-21 by Michael Haardt
10 .\" Modified 1996-04-13 by Andries Brouwer <aeb@cwi.nl>
11 .\" Modified 1996-05-13 by Thomas Koenig
12 .\" Modified 1996-12-20 by Michael Haardt
13 .\" Modified 1999-02-19 by Andries Brouwer <aeb@cwi.nl>
14 .\" Modified 1998-11-28 by Joseph S. Myers <jsm28@hermes.cam.ac.uk>
15 .\" Modified 1999-06-03 by Michael Haardt
16 .\" Modified 2002-05-07 by Michael Kerrisk <mtk.manpages@gmail.com>
17 .\" Modified 2004-06-23 by Michael Kerrisk <mtk.manpages@gmail.com>
18 .\" 2004-12-08, mtk, reordered flags list alphabetically
19 .\" 2004-12-08, Martin Pool <mbp@sourcefrog.net> (& mtk), added O_NOATIME
20 .\" 2007-09-18, mtk, Added description of O_CLOEXEC + other minor edits
21 .\" 2008-01-03, mtk, with input from Trond Myklebust
22 .\" <trond.myklebust@fys.uio.no> and Timo Sirainen <tss@iki.fi>
23 .\" Rewrite description of O_EXCL.
24 .\" 2008-01-11, Greg Banks <gnb@melbourne.sgi.com>: add more detail
26 .\" 2008-02-26, Michael Haardt: Reorganized text for O_CREAT and mode
28 .\" FIXME . Apr 08: The next POSIX revision has O_EXEC, O_SEARCH, and
29 .\" O_TTYINIT. Eventually these may need to be documented. --mtk
31 .TH open 2 (date) "Linux man-pages (unreleased)"
33 open, openat, creat \- open and possibly create a file
36 .RI ( libc ", " \-lc )
41 .BI "int open(const char *" pathname ", int " flags ", ..."
42 .BI " \fR/*\fP mode_t " mode " \fR*/\fP );"
44 .BI "int creat(const char *" pathname ", mode_t " mode );
46 .BI "int openat(int " dirfd ", const char *" pathname ", int " flags ", ..."
47 .BI " \fR/*\fP mode_t " mode " \fR*/\fP );"
49 /* Documented separately, in \c
52 .BI "int openat2(int " dirfd ", const char *" pathname ,
53 .BI " const struct open_how *" how ", size_t " size );
57 Feature Test Macro Requirements for glibc (see
58 .BR feature_test_macros (7)):
64 _POSIX_C_SOURCE >= 200809L
71 system call opens the file specified by
73 If the specified file does not exist,
83 is a file descriptor, a small, nonnegative integer that is an index
84 to an entry in the process's table of open file descriptors.
85 The file descriptor is used
86 in subsequent system calls
93 to refer to the open file.
94 The file descriptor returned by a successful call will be
95 the lowest-numbered file descriptor not currently open for the process.
97 By default, the new file descriptor is set to remain open across an
101 file descriptor flag described in
103 is initially disabled); the
105 flag, described below, can be used to change this default.
106 The file offset is set to the beginning of the file (see
112 .IR "open file description" ,
113 an entry in the system-wide table of open files.
114 The open file description records the file offset and the file status flags
116 A file descriptor is a reference to an open file description;
117 this reference is unaffected if
119 is subsequently removed or modified to refer to a different file.
120 For further details on open file descriptions, see NOTES.
124 must include one of the following
126 .BR O_RDONLY ", " O_WRONLY ", or " O_RDWR .
127 These request opening the file read-only, write-only, or read/write,
130 In addition, zero or more file creation flags and file status flags
136 .I file creation flags
149 are all of the remaining flags listed below.
150 .\" SUSv4 divides the flags into:
154 .\" * Other (O_CLOEXEC, O_DIRECTORY, O_NOFOLLOW)
155 .\" though it's not clear what the difference between "other" and
156 .\" "File creation" flags is. I raised an Aardvark to see if this
157 .\" can be clarified in SUSv4; 10 Oct 2008.
158 .\" http://thread.gmane.org/gmane.comp.standards.posix.austin.general/64/focus=67
159 .\" TC1 (balloted in 2013), resolved this, so that those three constants
160 .\" are also categorized" as file status flags.
162 The distinction between these two groups of flags is that
163 the file creation flags affect the semantics of the open operation itself,
164 while the file status flags affect the semantics of subsequent I/O operations.
165 The file status flags can be retrieved and (in some cases)
170 The full list of file creation flags and file status flags is as follows:
173 The file is opened in append mode.
176 the file offset is positioned at the end of the file,
179 The modification of the file offset and the write operation
180 are performed as a single atomic step.
183 may lead to corrupted files on NFS filesystems if more than one process
184 appends data to a file at once.
185 .\" For more background, see
186 .\" http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453946
187 .\" http://nfs.sourceforge.net/
188 This is because NFS does not support
189 appending to a file, so the client kernel has to simulate it, which
190 can't be done without a race condition.
193 Enable signal-driven I/O:
196 by default, but this can be changed via
198 when input or output becomes possible on this file descriptor.
199 This feature is available only for terminals, pseudoterminals,
200 sockets, and (since Linux 2.6) pipes and FIFOs.
204 See also BUGS, below.
206 .BR O_CLOEXEC " (since Linux 2.6.23)"
207 .\" NOTE! several other man pages refer to this text
208 Enable the close-on-exec flag for the new file descriptor.
209 .\" FIXME . for later review when Issue 8 is one day released...
210 .\" POSIX proposes to fix many APIs that provide hidden FDs
211 .\" http://austingroupbugs.net/tag_view_page.php?tag_id=8
212 .\" http://austingroupbugs.net/view.php?id=368
213 Specifying this flag permits a program to avoid additional
216 operations to set the
220 Note that the use of this flag is essential in some multithreaded programs,
221 because using a separate
226 flag does not suffice to avoid race conditions
227 where one thread opens a file descriptor and
228 attempts to set its close-on-exec flag using
230 at the same time as another thread does a
234 Depending on the order of execution,
235 the race may lead to the file descriptor returned by
237 being unintentionally leaked to the program executed by the child process
240 (This kind of race is in principle possible for any system call
241 that creates a file descriptor whose close-on-exec flag should be set,
242 and various other Linux system calls provide an equivalent of the
244 flag to deal with this problem.)
245 .\" This flag fixes only one form of the race condition;
246 .\" The race can also occur with, for example, file descriptors
247 .\" returned by accept(), pipe(), etc.
252 does not exist, create it as a regular file.
254 The owner (user ID) of the new file is set to the effective user ID
257 The group ownership (group ID) of the new file is set either to
258 the effective group ID of the process (System V semantics)
259 or to the group ID of the parent directory (BSD semantics).
260 On Linux, the behavior depends on whether the
261 set-group-ID mode bit is set on the parent directory:
262 if that bit is set, then BSD semantics apply;
263 otherwise, System V semantics apply.
264 For some filesystems, the behavior also depends on the
268 mount options described in
270 .\" As at Linux 2.6.25, bsdgroups is supported by ext2, ext3, ext4, and
271 .\" XFS (since Linux 2.6.14).
275 argument specifies the file mode bits to be applied when a new file is created.
284 is ignored (and can thus be specified as 0, or simply omitted).
295 if it is not supplied,
296 some arbitrary bytes from the stack will be applied as the file mode.
298 The effective mode is modified by the process's
300 in the usual way: in the absence of a default ACL, the mode of the
302 .IR "(mode\ &\ \[ti]umask)" .
306 applies only to future accesses of the
307 newly created file; the
309 call that creates a read-only file may well return a read/write
312 The following symbolic constants are provided for
317 00700 user (file owner) has read, write, and execute permission
320 00400 user has read permission
323 00200 user has write permission
326 00100 user has execute permission
329 00070 group has read, write, and execute permission
332 00040 group has read permission
335 00020 group has write permission
338 00010 group has execute permission
341 00007 others have read, write, and execute permission
344 00004 others have read permission
347 00002 others have write permission
350 00001 others have execute permission
353 According to POSIX, the effect when other bits are set in
356 On Linux, the following bits are also honored in
361 0004000 set-user-ID bit
364 0002000 set-group-ID bit (see
368 0001000 sticky bit (see
372 .BR O_DIRECT " (since Linux 2.4.10)"
373 Try to minimize cache effects of the I/O to and from this file.
374 In general this will degrade performance, but it is useful in
375 special situations, such as when applications do their own caching.
376 File I/O is done directly to/from user-space buffers.
379 flag on its own makes an effort to transfer data synchronously,
380 but does not give the guarantees of the
382 flag that data and necessary metadata are transferred.
383 To guarantee synchronous I/O,
385 must be used in addition to
387 See NOTES below for further discussion.
389 A semantically similar (but deprecated) interface for block devices
394 If \fIpathname\fP is not a directory, cause the open to fail.
395 .\" But see the following and its replies:
396 .\" http://marc.theaimsgroup.com/?t=112748702800001&r=1&w=2
397 .\" [PATCH] open: O_DIRECTORY and O_CREAT together should fail
398 .\" O_DIRECTORY | O_CREAT causes O_DIRECTORY to be ignored.
399 This flag was added in Linux 2.1.126, to
400 avoid denial-of-service problems if
406 Write operations on the file will complete according to the requirements of
409 integrity completion.
414 return, the output data
415 has been transferred to the underlying hardware,
416 along with any file metadata that would be required to retrieve that data
417 (i.e., as though each
419 was followed by a call to
421 .IR "See NOTES below" .
424 Ensure that this call creates the file:
425 if this flag is specified in conjunction with
434 When these two flags are specified, symbolic links are not followed:
435 .\" POSIX.1-2001 explicitly requires this behavior.
438 is a symbolic link, then
440 fails regardless of where the symbolic link points.
442 In general, the behavior of
444 is undefined if it is used without
446 There is one exception: on Linux 2.6 and later,
452 refers to a block device.
453 If the block device is in use by the system (e.g., mounted),
460 is supported only when using NFSv3 or later on kernel 2.6 or later.
461 In NFS environments where
463 support is not provided, programs that rely on it
464 for performing locking tasks will contain a race condition.
465 Portable programs that want to perform atomic file locking using a lockfile,
466 and need to avoid reliance on NFS support for
468 can create a unique file on
469 the same filesystem (e.g., incorporating hostname and PID), and use
471 to make a link to the lockfile.
474 returns 0, the lock is successful.
477 on the unique file to check if its link count has increased to 2,
478 in which case the lock is also successful.
482 Allow files whose sizes cannot be represented in an
484 (but can be represented in an
488 .B _LARGEFILE64_SOURCE
489 macro must be defined
493 in order to obtain this definition.
496 feature test macro to 64 (rather than using
499 method of accessing large files on 32-bit systems (see
500 .BR feature_test_macros (7)).
502 .BR O_NOATIME " (since Linux 2.6.8)"
503 Do not update the file last access time
509 This flag can be employed only if one of the following conditions is true:
512 The effective UID of the process
513 .\" Strictly speaking: the filesystem UID
514 matches the owner UID of the file.
516 The calling process has the
518 capability in its user namespace and
519 the owner UID of the file has a mapping in the namespace.
522 This flag is intended for use by indexing or backup programs,
523 where its use can significantly reduce the amount of disk activity.
524 This flag may not be effective on all filesystems.
525 One example is NFS, where the server maintains the access time.
526 .\" The O_NOATIME flag also affects the treatment of st_atime
527 .\" by mmap() and readdir(2), MTK, Dec 04.
532 refers to a terminal device\[em]see
534 will not become the process's controlling terminal even if the
535 process does not have one.
538 If the trailing component (i.e., basename) of
540 is a symbolic link, then the open fails, with the error
542 Symbolic links in earlier components of the pathname will still be
546 error that can occur in this case is indistinguishable from the case where
547 an open fails because there are too many symbolic links found
548 while resolving components in the prefix part of the pathname.)
550 This flag is a FreeBSD extension, which was added in Linux 2.1.126,
551 and has subsequently been standardized in POSIX.1-2008.
556 .\" The headers from glibc 2.0.100 and later include a
557 .\" definition of this flag; \fIkernels before Linux 2.1.126 will ignore it if
560 .BR O_NONBLOCK " or " O_NDELAY
561 When possible, the file is opened in nonblocking mode.
564 nor any subsequent I/O operations on the file descriptor which is
565 returned will cause the calling process to wait.
567 Note that the setting of this flag has no effect on the operation of
572 since those interfaces merely inform the caller about whether
573 a file descriptor is "ready",
574 meaning that an I/O operation performed on
575 the file descriptor with the
581 Note that this flag has no effect for regular files and block devices;
582 that is, I/O operations will (briefly) block when device activity
583 is required, regardless of whether
588 semantics might eventually be implemented,
589 applications should not depend upon blocking behavior
590 when specifying this flag for regular files and block devices.
592 For the handling of FIFOs (named pipes), see also
594 For a discussion of the effect of
596 in conjunction with mandatory file locks and with file leases, see
599 .BR O_PATH " (since Linux 2.6.39)"
600 .\" commit 1abf0c718f15a56a0a435588d1b104c7a37dc9bd
601 .\" commit 326be7b484843988afe57566b627fb7a70beac56
602 .\" commit 65cfc6722361570bfe255698d9cd4dccaf47570d
604 .\" http://thread.gmane.org/gmane.linux.man/2790/focus=3496
605 .\" Subject: Re: [PATCH] open(2): document O_PATH
606 .\" Newsgroups: gmane.linux.man, gmane.linux.kernel
608 Obtain a file descriptor that can be used for two purposes:
609 to indicate a location in the filesystem tree and
610 to perform operations that act purely at the file descriptor level.
611 The file itself is not opened, and other file operations (e.g.,
622 The following operations
624 be performed on the resulting file descriptor:
630 if the file descriptor refers to a directory
632 .\" commit 332a2e1244bd08b9e3ecd378028513396a004a24
637 .\" fstat(): commit 55815f70147dcfa3ead5738fd56d3574e2e3c1c2
640 .\" fstatfs(): commit 9d05746e7b16d8565dddbe3200faa1e669d23bbf
642 Duplicating the file descriptor
648 Getting and setting file descriptor flags
654 Retrieving open file status flags using the
657 operation: the returned flags will include the bit
660 Passing the file descriptor as the
664 and the other "*at()" system calls.
670 .BR AT_SYMLINK_FOLLOW )
671 even if the file is not a directory.
673 Passing the file descriptor to another process via a UNIX domain socket
691 Opening a file or directory with the
693 flag requires no permissions on the object itself
694 (but does require execute permission on the directories in the path prefix).
695 Depending on the subsequent operation,
696 a check for suitable file permissions may be performed (e.g.,
698 requires execute permission on the directory referred to
699 by its file descriptor argument).
701 obtaining a reference to a filesystem object by opening it with the
703 flag requires that the caller have read permission on the object,
704 even when the subsequent operation (e.g.,
707 does not require read permission on the object.
711 is a symbolic link and the
713 flag is also specified,
714 then the call returns a file descriptor referring to the symbolic link.
715 This file descriptor can be used as the
723 with an empty pathname to have the calls operate on the symbolic link.
727 refers to an automount point that has not yet been triggered, so no
728 other filesystem is mounted on it, then the call returns a file
729 descriptor referring to the automount directory without triggering a mount.
731 can then be used to determine if it is, in fact, an untriggered
733 .RB ( ".f_type == AUTOFS_SUPER_MAGIC" ).
737 for regular files is to provide the equivalent of POSIX.1's
740 This permits us to open a file for which we have execute
741 permission but not read permission, and then execute that file,
742 with steps something like the following:
747 fd = open("some_prog", O_PATH);
748 snprintf(buf, PATH_MAX, "/proc/self/fd/%d", fd);
749 execl(buf, "some_prog", (char *) NULL);
755 file descriptor can also be passed as the argument of
759 Write operations on the file will complete according to the requirements of
763 (by contrast with the
773 returns, the output data and associated file metadata
774 have been transferred to the underlying hardware
775 (i.e., as though each
777 was followed by a call to
779 .IR "See NOTES below" .
781 .BR O_TMPFILE " (since Linux 3.11)"
782 .\" commit 60545d0d4610b02e55f65d141c95b18ccf855b6e
783 .\" commit f4e0c30c191f87851c4a53454abb55ee276f4a7e
784 .\" commit bb458c644a59dbba3a1fe59b27106c5e68e1c4bd
785 Create an unnamed temporary regular file.
788 argument specifies a directory;
789 an unnamed inode will be created in that directory's filesystem.
790 Anything written to the resulting file will be lost when
791 the last file descriptor is closed, unless the file is given a name.
794 must be specified with one of
802 is not specified, then
804 can be used to link the temporary file into the filesystem, making it
805 permanent, using code like the following:
810 fd = open("/path/to/dir", O_TMPFILE | O_RDWR,
813 /* File I/O on \[aq]fd\[aq]... */
815 linkat(fd, "", AT_FDCWD, "/path/for/file", AT_EMPTY_PATH);
817 /* If the caller doesn\[aq]t have the CAP_DAC_READ_SEARCH
818 capability (needed to use AT_EMPTY_PATH with linkat(2)),
819 and there is a proc(5) filesystem mounted, then the
820 linkat(2) call above can be replaced with:
822 snprintf(path, PATH_MAX, "/proc/self/fd/%d", fd);
823 linkat(AT_FDCWD, path, AT_FDCWD, "/path/for/file",
833 argument determines the file permission mode, as with
840 prevents a temporary file from being linked into the filesystem
842 (Note that the meaning of
844 in this case is different from the meaning of
848 There are two main use cases for
849 .\" Inspired by http://lwn.net/Articles/559147/
855 functionality: race-free creation of temporary files that
856 (1) are automatically deleted when closed;
857 (2) can never be reached via any pathname;
858 (3) are not subject to symlink attacks; and
859 (4) do not require the caller to devise unique names.
861 Creating a file that is initially invisible, which is then populated
862 with data and adjusted to have appropriate filesystem attributes
867 before being atomically linked into the filesystem
868 in a fully formed state (using
874 requires support by the underlying filesystem;
875 only a subset of Linux filesystems provide that support.
876 In the initial implementation, support was provided in
877 the ext2, ext3, ext4, UDF, Minix, and tmpfs filesystems.
878 .\" To check for support, grep for "tmpfile" in kernel sources
879 Support for other filesystems has subsequently been added as follows:
881 .\" commit 99b6436bc29e4f10e4388c27a3e4810191cc4788
882 .\" commit ab29743117f9f4c22ac44c13c1647fb24fb2bafe
884 .\" commit ef3b9af50bfa6a1f02cd7b3f5124b712b1ba3e3c
886 .\" commit 50732df02eefb39ab414ef655979c2c9b64ad21c
887 and ubifs (Linux 4.9)
890 If the file already exists and is a regular file and the access mode allows
895 it will be truncated to length 0.
896 If the file is a FIFO or terminal device file, the
899 Otherwise, the effect of
905 is equivalent to calling
910 .BR O_CREAT|O_WRONLY|O_TRUNC .
914 system call operates in exactly the same way as
916 except for the differences described here.
920 argument is used in conjunction with the
924 If the pathname given in
930 If the pathname given in
938 is interpreted relative to the current working
939 directory of the calling process (like
942 If the pathname given in
944 is relative, then it is interpreted relative to the directory
945 referred to by the file descriptor
947 (rather than relative to the current working directory of
948 the calling process, as is done by
950 for a relative pathname).
953 must be a directory that was opened for reading
959 If the pathname given in
963 is not a valid file descriptor, an error
966 (Specifying an invalid file descriptor number in
968 can be used as a means to ensure that
975 system call is an extension of
977 and provides a superset of the features of
979 It is documented separately, in
987 return the new file descriptor (a nonnegative integer).
988 On error, \-1 is returned and
990 is set to indicate the error.
996 can fail with the following errors:
999 The requested access to the file is not allowed, or search permission
1000 is denied for one of the directories in the path prefix of
1002 or the file did not exist yet and write access to the parent directory
1005 .BR path_resolution (7).)
1008 .\" commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5
1014 .I protected_regular
1015 sysctl is enabled, the file already exists and is a FIFO or regular file, the
1016 owner of the file is neither the current user nor the owner of the
1017 containing directory, and the containing directory is both world- or
1018 group-writable and sticky.
1019 For details, see the descriptions of
1020 .I /proc/sys/fs/protected_fifos
1022 .I /proc/sys/fs/protected_regular
1024 .BR proc_sys_fs (5).
1033 nor a valid file descriptor.
1041 refers to a block device that is in use by the system (e.g., it is mounted).
1046 is specified, the file does not exist, and the user's quota of disk
1047 blocks or inodes on the filesystem has been exhausted.
1052 .BR O_CREAT " and " O_EXCL
1057 points outside your accessible address space.
1064 While blocked waiting to complete an open of a slow device
1067 the call was interrupted by a signal handler; see
1071 The filesystem does not support the
1076 for more information.
1080 .\" In particular, __O_TMPFILE instead of O_TMPFILE
1097 and the final component ("basename") of the new file's
1100 (e.g., it contains characters not permitted by the underlying filesystem).
1103 The final component ("basename") of
1106 (e.g., it contains characters not permitted by the underlying filesystem).
1110 refers to a directory and the access requested involved writing
1119 refers to an existing directory,
1127 but this kernel version does not provide the
1132 Too many symbolic links were encountered in resolving
1137 was a symbolic link, and
1145 The per-process limit on the number of open file descriptors has been reached
1146 (see the description of
1156 The system-wide limit on the total number of open files has been reached.
1160 refers to a device special file and no corresponding device exists.
1161 (This is a Linux kernel bug; in this situation
1167 is not set and the named file does not exist.
1170 A directory component in
1172 does not exist or is a dangling symbolic link.
1176 refers to a nonexistent directory,
1184 but this kernel version does not provide the
1189 The named file is a FIFO,
1190 but memory for the FIFO buffer can't be allocated because
1191 the per-user hard limit on memory allocation for pipes has been reached
1192 and the caller is not privileged; see
1196 Insufficient kernel memory was available.
1200 was to be created but the device containing
1202 has no room for the new file.
1205 A component used as a directory in
1207 is not, in fact, a directory, or \fBO_DIRECTORY\fP was specified and
1209 was not a directory.
1214 is a relative pathname and
1216 is a file descriptor referring to a file other than a directory.
1219 .BR O_NONBLOCK " | " O_WRONLY
1220 is set, the named file is a FIFO, and
1221 no process has the FIFO open for reading.
1224 The file is a device special file and no corresponding device exists.
1227 The file is a UNIX domain socket.
1230 The filesystem containing
1237 refers to a regular file that is too large to be opened.
1238 The usual scenario here is that an application compiled
1239 on a 32-bit platform without
1240 .I \-D_FILE_OFFSET_BITS=64
1241 tried to open a file whose size exceeds
1247 This is the error specified by POSIX.1;
1248 before Linux 2.6.24, Linux gave the error
1251 .\" See http://bugzilla.kernel.org/show_bug.cgi?id=7253
1252 .\" "Open of a large file on 32-bit fails with EFBIG, should be EOVERFLOW"
1253 .\" Reported 2006-10-03
1258 flag was specified, but the effective user ID of the caller
1259 .\" Strictly speaking, it's the filesystem UID... (MTK)
1260 did not match the owner of the file and the caller was not privileged.
1263 The operation was prevented by a file seal; see
1268 refers to a file on a read-only filesystem and write access was
1273 refers to an executable image which is currently being executed and
1274 write access was requested.
1278 refers to a file that is currently in use as a swap file, and the
1284 refers to a file that is currently being read by the kernel (e.g., for
1285 module/firmware loading), and write access was requested.
1290 flag was specified, and an incompatible lease was held on the file
1294 The (undefined) effect of
1295 .B O_RDONLY | O_TRUNC
1296 varies among implementations.
1297 On many systems the file is actually truncated.
1298 .\" Linux 2.0, 2.5: truncate
1299 .\" Solaris 5.7, 5.8: truncate
1300 .\" Irix 6.5: truncate
1301 .\" Tru64 5.1B: truncate
1302 .\" HP-UX 11.22: truncate
1303 .\" FreeBSD 4.7: truncate
1304 .SS Synchronized I/O
1305 The POSIX.1-2008 "synchronized I/O" option
1306 specifies different variants of synchronized I/O,
1314 for controlling the behavior.
1315 Regardless of whether an implementation supports this option,
1316 it must at least support the use of
1326 Somewhat incorrectly, glibc defines
1328 to have the same value as
1331 is defined in the Linux header file
1333 on HP PA-RISC, but it is not used.)
1336 provides synchronized I/O
1338 integrity completion,
1339 meaning write operations will flush data and all associated metadata
1340 to the underlying hardware.
1342 provides synchronized I/O
1344 integrity completion,
1345 meaning write operations will flush data
1346 to the underlying hardware,
1347 but will only flush metadata updates that are required
1348 to allow a subsequent read operation to complete successfully.
1349 Data integrity completion can reduce the number of disk operations
1350 that are required for applications that don't need the guarantees
1351 of file integrity completion.
1353 To understand the difference between the two types of completion,
1354 consider two pieces of file metadata:
1355 the file last modification timestamp
1357 and the file length.
1358 All write operations will update the last file modification timestamp,
1359 but only writes that add data to the end of the
1360 file will change the file length.
1361 The last modification timestamp is not needed to ensure that
1362 a read completes successfully, but the file length is.
1365 would only guarantee to flush updates to the file length metadata
1368 would also always flush the last modification timestamp metadata).
1370 Before Linux 2.6.33, Linux implemented only the
1374 However, when that flag was specified,
1375 most filesystems actually provided the equivalent of synchronized I/O
1377 integrity completion (i.e.,
1379 was actually implemented as the equivalent of
1382 Since Linux 2.6.33, proper
1384 support is provided.
1385 However, to ensure backward binary compatibility,
1387 was defined with the same value as the historical
1391 was defined as a new (two-bit) flag value that includes the
1394 This ensures that applications compiled against
1395 new headers get at least
1397 semantics before Linux 2.6.33.
1399 .SS C library/kernel differences
1401 the glibc wrapper function for
1405 system call, rather than the kernel's
1408 For certain architectures, this is also true before glibc 2.26.
1428 flags are Linux-specific.
1431 to obtain their definitions.
1438 flags are not specified in POSIX.1-2001,
1439 but are specified in POSIX.1-2008.
1440 Since glibc 2.12, one can obtain their definitions by defining either
1442 with a value greater than or equal to 200809L or
1444 with a value greater than or equal to 700.
1445 In glibc 2.11 and earlier, one obtains the definitions by defining
1452 SVr4, 4.3BSD, POSIX.1-2001.
1461 flag is sometimes used in cases where one wants to open
1462 but does not necessarily have the intention to read or write.
1464 this may be used to open a device in order to get a file descriptor
1470 can open device special files, but
1472 cannot create them; use
1476 If the file is newly created, its
1481 (respectively, time of last access, time of last status change, and
1482 time of last modification; see
1485 to the current time, and so are the
1491 Otherwise, if the file is modified because of the
1497 fields are set to the current time.
1501 directory show the open file descriptors of the process with the PID
1504 .IR /proc/ pid /fdinfo
1505 directory show even more information about these file descriptors.
1508 for further details of both of these directories.
1510 The Linux header file
1516 synonym is defined instead.
1519 .SS Open file descriptions
1520 The term open file description is the one used by POSIX to refer to the
1521 entries in the system-wide table of open files.
1522 In other contexts, this object is
1523 variously also called an "open file object",
1524 a "file handle", an "open file table entry",
1525 or\[em]in kernel-developer parlance\[em]a
1528 When a file descriptor is duplicated (using
1531 the duplicate refers to the same open file description
1532 as the original file descriptor,
1533 and the two file descriptors consequently share
1534 the file offset and file status flags.
1535 Such sharing can also occur between processes:
1536 a child process created via
1538 inherits duplicates of its parent's file descriptors,
1539 and those duplicates refer to the same open file descriptions.
1543 of a file creates a new open file description;
1544 thus, there may be multiple open file descriptions
1545 corresponding to a file inode.
1547 On Linux, one can use the
1550 operation to test whether two file descriptors
1551 (in the same process or in two different processes)
1552 refer to the same open file description.
1555 There are many infelicities in the protocol underlying NFS, affecting
1557 .BR O_SYNC " and " O_NDELAY .
1559 On NFS filesystems with UID mapping enabled,
1562 return a file descriptor but, for example,
1567 This is because the client performs
1570 permissions, but UID mapping is performed by the server upon
1571 read and write requests.
1575 Opening the read or write end of a FIFO blocks until the other
1576 end is also opened (by another process or thread).
1579 for further details.
1582 .SS File access mode
1583 Unlike the other values that can be specified in
1588 .BR O_RDONLY ", " O_WRONLY ", and " O_RDWR
1589 do not specify individual bits.
1590 Rather, they define the low order two bits of
1592 and are defined respectively as 0, 1, and 2.
1593 In other words, the combination
1594 .B "O_RDONLY | O_WRONLY"
1595 is a logical error, and certainly does not have the same meaning as
1598 Linux reserves the special, nonstandard access mode 3 (binary 11) in
1601 check for read and write permission on the file and return a file descriptor
1602 that can't be used for reading or writing.
1603 This nonstandard access mode is used by some Linux drivers to return a
1604 file descriptor that is to be used only for device-specific
1607 .\" See for example util-linux's disk-utils/setfdprm.c
1608 .\" For some background on access mode 3, see
1609 .\" http://thread.gmane.org/gmane.linux.kernel/653123
1610 .\" "[RFC] correct flags to f_mode conversion in __dentry_open"
1611 .\" LKML, 12 Mar 2008
1614 .SS Rationale for openat() and other "directory file descriptor" APIs
1616 and the other system calls and library functions that take
1617 a directory file descriptor argument
1621 .BR fanotify_mark (2),
1630 .BR mount_setattr (2),
1632 .BR name_to_handle_at (2),
1645 address two problems with the older interfaces that preceded them.
1646 Here, the explanation is in terms of the
1648 call, but the rationale is analogous for the other interfaces.
1652 allows an application to avoid race conditions that could
1655 to open files in directories other than the current working directory.
1656 These race conditions result from the fact that some component
1657 of the directory prefix given to
1659 could be changed in parallel with the call to
1661 Suppose, for example, that we wish to create the file
1662 .I dir1/dir2/xxx.dep
1666 The problem is that between the existence check and the file-creation step,
1670 (which might be symbolic links)
1671 could be modified to point to a different location.
1672 Such races can be avoided by
1673 opening a file descriptor for the target directory,
1674 and then specifying that file descriptor as the
1682 file descriptor also has other benefits:
1684 the file descriptor is a stable reference to the directory,
1685 even if the directory is renamed; and
1687 the open file descriptor prevents the underlying filesystem from
1689 just as when a process has a current working directory on a filesystem.
1693 allows the implementation of a per-thread "current working
1694 directory", via file descriptor(s) maintained by the application.
1695 (This functionality can also be obtained by tricks based
1697 .IR /proc/self/fd/ dirfd,
1698 but less efficiently.)
1702 argument for these APIs can be obtained by using
1706 to open a directory (with either the
1711 Alternatively, such a file descriptor can be obtained by applying
1713 to a directory stream created using
1716 When these APIs are given a
1720 or the specified pathname is absolute,
1721 then they handle their pathname argument in the same way as
1722 the corresponding conventional APIs.
1723 However, in this case, several of the APIs have a
1725 argument that provides access to functionality that is not available with
1726 the corresponding conventional APIs.
1732 flag may impose alignment restrictions on the length and address
1733 of user-space buffers and the file offset of I/Os.
1735 restrictions vary by filesystem and kernel version and might be
1737 The handling of misaligned
1740 they can either fail with
1742 or fall back to buffered I/O.
1746 support and alignment restrictions for a file can be queried using
1753 varies by filesystem;
1757 Some filesystems provide their own interfaces for querying
1759 alignment restrictions,
1765 should be used instead when it is available.
1767 If none of the above is available,
1768 then direct I/O support and alignment restrictions
1769 can only be assumed from known characteristics of the filesystem,
1770 the individual file,
1771 the underlying storage device(s),
1772 and the kernel version.
1774 most filesystems based on block devices require that
1775 the file offset and the length and memory address of all I/O segments
1776 be multiples of the filesystem block size
1777 (typically 4096 bytes).
1779 this was relaxed to the logical block size of the block device
1780 (typically 512 bytes).
1781 A block device's logical block size can be determined using the
1784 operation or from the shell using the command:
1793 I/Os should never be run concurrently with the
1796 if the memory buffer is a private mapping
1797 (i.e., any mapping created with the
1801 this includes memory allocated on the heap and statically allocated buffers).
1802 Any such I/Os, whether submitted via an asynchronous I/O interface or from
1803 another thread in the process,
1804 should be completed before
1807 Failure to do so can result in data corruption and undefined behavior in
1808 parent and child processes.
1809 This restriction does not apply when the memory buffer for the
1811 I/Os was created using
1818 Nor does this restriction apply when the memory buffer has been advised as
1822 ensuring that it will not be available
1828 flag was introduced in SGI IRIX, where it has alignment
1829 restrictions similar to those of Linux 2.4.
1832 call to query appropriate alignments, and sizes.
1833 FreeBSD 4.x introduced
1834 a flag of the same name, but without alignment restrictions.
1837 support was added in Linux 2.4.10.
1838 Older Linux kernels simply ignore this flag.
1839 Some filesystems may not implement the flag, in which case
1841 fails with the error
1845 Applications should avoid mixing
1847 and normal I/O to the same file,
1848 and especially to overlapping byte regions in the same file.
1849 Even when the filesystem correctly handles the coherency issues in
1850 this situation, overall I/O throughput is likely to be slower than
1851 using either mode alone.
1852 Likewise, applications should avoid mixing
1854 of files with direct I/O to the same files.
1858 with NFS will differ from local filesystems.
1860 kernels configured in certain ways, may not support this combination.
1861 The NFS protocol does not support passing the flag to the server, so
1863 I/O will bypass the page cache only on the client; the server may
1864 still cache the I/O.
1865 The client asks the server to make the I/O
1866 synchronous to preserve the synchronous semantics of
1868 Some servers will perform poorly under these circumstances, especially
1869 if the I/O size is small.
1870 Some servers may also be configured to
1871 lie to clients about the I/O having reached stable storage; this
1872 will avoid the performance penalty at some risk to data integrity
1873 in the event of server power failure.
1874 The Linux NFS client places no alignment restrictions on
1880 is a potentially powerful tool that should be used with caution.
1881 It is recommended that applications treat use of
1883 as a performance option which is disabled by default.
1885 Currently, it is not possible to enable signal-driven
1892 to enable this flag.
1893 .\" FIXME . Check bugzilla report on open(O_ASYNC)
1894 .\" See http://bugzilla.kernel.org/show_bug.cgi?id=5993
1896 One must check for two different error codes,
1900 when trying to determine whether the kernel supports
1910 and the file specified by
1914 will create a regular file (i.e.,
1928 .BR open_by_handle_at (2),
1940 .BR path_resolution (7),