1PATH_RESOLUTION(7)         Linux Programmer's Manual        PATH_RESOLUTION(7)
2
3
4

NAME

6       path_resolution - how a pathname is resolved to a file
7

DESCRIPTION

9       Some  UNIX/Linux  system calls have as parameter one or more filenames.
10       A filename (or pathname) is resolved as follows.
11
12   Step 1: start of the resolution process
13       If the pathname starts with the  '/'  character,  the  starting  lookup
14       directory  is  the  root  directory  of the calling process.  A process
15       inherits its root directory from its parent.  Usually this will be  the
16       root  directory  of  the file hierarchy.  A process may get a different
17       root directory by use of the chroot(2) system call, or may  temporarily
18       use   a   different   root  directory  by  using  openat2(2)  with  the
19       RESOLVE_IN_ROOT flag set.
20
21       A process may get an entirely private mount namespace in case it—or one
22       of  its  ancestors—was  started by an invocation of the clone(2) system
23       call that had the CLONE_NEWNS flag set.  This handles the '/'  part  of
24       the pathname.
25
26       If  the  pathname  does  not start with the '/' character, the starting
27       lookup directory of the  resolution  process  is  the  current  working
28       directory  of  the  process  — or in the case of openat(2)-style system
29       calls, the dfd argument (or the current working directory  if  AT_FDCWD
30       is  passed  as  the  dfd  argument).   The current working directory is
31       inherited from the parent, and can be changed by use  of  the  chdir(2)
32       system call.)
33
34       Pathnames  starting with a '/' character are called absolute pathnames.
35       Pathnames not starting with a '/' are called relative pathnames.
36
37   Step 2: walk along the path
38       Set the current lookup directory  to  the  starting  lookup  directory.
39       Now,  for each nonfinal component of the pathname, where a component is
40       a substring delimited by '/' characters, this component is looked up in
41       the current lookup directory.
42
43       If  the  process  does not have search permission on the current lookup
44       directory, an EACCES error is returned ("Permission denied").
45
46       If the component is not found, an ENOENT error is  returned  ("No  such
47       file or directory").
48
49       If  the  component  is found, but is neither a directory nor a symbolic
50       link, an ENOTDIR error is returned ("Not a directory").
51
52       If the component is found and is a directory, we set the current lookup
53       directory to that directory, and go to the next component.
54
55       If  the  component  is found and is a symbolic link (symlink), we first
56       resolve this symbolic link (with the current lookup directory as start‐
57       ing  lookup  directory).   Upon  error, that error is returned.  If the
58       result is not a directory, an ENOTDIR error is returned.  If the  reso‐
59       lution  of  the symbolic link is successful and returns a directory, we
60       set the current lookup directory to that directory, and go to the  next
61       component.  Note that the resolution process here can involve recursion
62       if the prefix ('dirname') component of a pathname contains  a  filename
63       that  is a symbolic link that resolves to a directory (where the prefix
64       component of that directory may contain a symbolic link,  and  so  on).
65       In order to protect the kernel against stack overflow, and also to pro‐
66       tect against denial of service, there are limits on the maximum  recur‐
67       sion  depth,  and on the maximum number of symbolic links followed.  An
68       ELOOP error is returned when the maximum is exceeded ("Too many  levels
69       of symbolic links").
70
71       As currently implemented on Linux, the maximum number of symbolic links
72       that will be followed while resolving a pathname  is  40.   In  kernels
73       before  2.6.18,  the limit on the recursion depth was 5.  Starting with
74       Linux 2.6.18, this limit was raised to 8.  In Linux 4.2,  the  kernel's
75       pathname-resolution  code  was  reworked to eliminate the use of recur‐
76       sion, so that the only limit that remains is the maximum of 40  resolu‐
77       tions for the entire pathname.
78
79       The  resolution  of  symbolic links during this stage can be blocked by
80       using openat2(2), with the RESOLVE_NO_SYMLINKS flag set.
81
82   Step 3: find the final entry
83       The lookup of the final component of the pathname goes just  like  that
84       of  all  other  components, as described in the previous step, with two
85       differences: (i) the final component need not be a directory (at  least
86       as  far as the path resolution process is concerned—it may have to be a
87       directory, or a nondirectory, because of the requirements of  the  spe‐
88       cific system call), and (ii) it is not necessarily an error if the com‐
89       ponent is not found—maybe we are just creating it.  The details on  the
90       treatment  of  the final entry are described in the manual pages of the
91       specific system calls.
92
93   . and ..
94       By convention, every directory has the  entries  "."  and  "..",  which
95       refer  to  the  directory  itself  and to its parent directory, respec‐
96       tively.
97
98       The path resolution process will assume that these entries  have  their
99       conventional  meanings, regardless of whether they are actually present
100       in the physical filesystem.
101
102       One cannot walk up past the root: "/.." is the same as "/".
103
104   Mount points
105       After a "mount dev path" command, the pathname  "path"  refers  to  the
106       root  of the filesystem hierarchy on the device "dev", and no longer to
107       whatever it referred to earlier.
108
109       One can walk out of a mounted filesystem: "path/.." refers to the  par‐
110       ent directory of "path", outside of the filesystem hierarchy on "dev".
111
112       Traversal  of mount points can be blocked by using openat2(2), with the
113       RESOLVE_NO_XDEV flag set (though note that  this  also  restricts  bind
114       mount traversal).
115
116   Trailing slashes
117       If  a  pathname  ends in a '/', that forces resolution of the preceding
118       component as in Step 2: it has to exist and  resolve  to  a  directory.
119       Otherwise,  a  trailing  '/' is ignored.  (Or, equivalently, a pathname
120       with a trailing '/' is equivalent to the pathname obtained by appending
121       '.' to it.)
122
123   Final symlink
124       If the last component of a pathname is a symbolic link, then it depends
125       on the system call whether the file referred to will  be  the  symbolic
126       link  or  the  result of path resolution on its contents.  For example,
127       the system call lstat(2) will operate on  the  symlink,  while  stat(2)
128       operates on the file pointed to by the symlink.
129
130   Length limit
131       There  is  a  maximum  length  for pathnames.  If the pathname (or some
132       intermediate pathname obtained while resolving symbolic links)  is  too
133       long, an ENAMETOOLONG error is returned ("Filename too long").
134
135   Empty pathname
136       In the original UNIX, the empty pathname referred to the current direc‐
137       tory.  Nowadays POSIX decrees  that  an  empty  pathname  must  not  be
138       resolved successfully.  Linux returns ENOENT in this case.
139
140   Permissions
141       The  permission  bits  of a file consist of three groups of three bits;
142       see chmod(1) and stat(2).  The first group of three is  used  when  the
143       effective  user  ID  of  the calling process equals the owner ID of the
144       file.  The second group of three is used when the group ID of the  file
145       either  equals the effective group ID of the calling process, or is one
146       of the supplementary group IDs of the calling process (as set  by  set‐
147       groups(2)).  When neither holds, the third group is used.
148
149       Of  the  three bits used, the first bit determines read permission, the
150       second write permission, and the last execute  permission  in  case  of
151       ordinary files, or search permission in case of directories.
152
153       Linux  uses  the  fsuid  instead of the effective user ID in permission
154       checks.  Ordinarily the fsuid will equal the effective user ID, but the
155       fsuid can be changed by the system call setfsuid(2).
156
157       (Here "fsuid" stands for something like "filesystem user ID".  The con‐
158       cept was required for the implementation of a user space NFS server  at
159       a  time  when  processes could send a signal to a process with the same
160       effective user ID.  It  is  obsolete  now.   Nobody  should  use  setf‐
161       suid(2).)
162
163       Similarly,  Linux uses the fsgid ("filesystem group ID") instead of the
164       effective group ID.  See setfsgid(2).
165
166   Bypassing permission checks: superuser and capabilities
167       On a traditional UNIX system, the superuser (root, user ID 0)  is  all-
168       powerful,  and  bypasses  all  permissions  restrictions when accessing
169       files.
170
171       On Linux, superuser privileges are divided into capabilities (see capa‐
172       bilities(7)).   Two  capabilities  are  relevant  for  file permissions
173       checks: CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH.  (A process has these
174       capabilities if its fsuid is 0.)
175
176       The  CAP_DAC_OVERRIDE capability overrides all permission checking, but
177       grants execute permission only when at least one of  the  file's  three
178       execute permission bits is set.
179
180       The CAP_DAC_READ_SEARCH capability grants read and search permission on
181       directories, and read permission on ordinary files.
182

SEE ALSO

184       readlink(2), capabilities(7), credentials(7), symlink(7)
185

COLOPHON

187       This page is part of release 5.07 of the Linux  man-pages  project.   A
188       description  of  the project, information about reporting bugs, and the
189       latest    version    of    this    page,    can     be     found     at
190       https://www.kernel.org/doc/man-pages/.
191
192
193
194Linux                             2020-04-11                PATH_RESOLUTION(7)
Impressum