|System Calls Manual
— open or create a file for reading, writing or
Standard C Library (libc, -lc)
char *path, int
fd, const char
*path, int flags,
The file name specified by path is opened
for either execution or reading and/or writing as specified by the argument
flags and the file descriptor returned to the calling
process. The flags argument may indicate the file is
to be created if it does not exist (by specifying the
O_CREAT flag). In this case
openat() require an additional argument
mode_t mode, and the file is created with mode
mode as described in chmod(2) and
modified by the process' umask value (see umask(2)).
function is equivalent to the
open() function except
in the case where the path specifies a relative path.
In this case the file to be opened is determined relative to the directory
associated with the file descriptor fd instead of the
current working directory. The flag parameter and the
optional fourth parameter correspond exactly to the parameters of
passed the special value
AT_FDCWD in the
fd parameter, the current working directory is used
and the behavior is identical to a call to
In capsicum(4) capability mode,
not permitted. The path argument to
openat() must be strictly relative to a file
descriptor fd, as defined in
must not be an absolute path and must not contain ".." components.
Additionally, no symbolic link in path may contain
".." components either. fd must not be
The flags specified are formed by or'ing the following values
O_RDONLY open for reading only O_WRONLY open for writing only O_RDWR open for reading and writing O_EXEC open for execute only O_SEARCH open for search only, an alias for O_EXEC O_NONBLOCK do not block on open O_APPEND append on each write O_CREAT create file if it does not exist O_TRUNC truncate size to 0 O_EXCL error if create and file exists O_SHLOCK atomically obtain a shared lock O_EXLOCK atomically obtain an exclusive lock O_DIRECT eliminate or reduce cache effects O_FSYNC synchronous writes O_SYNC synchronous writes O_NOFOLLOW do not follow symlinks O_NOCTTY ignored O_TTY_INIT ignored O_DIRECTORY error if file is not a directory O_CLOEXEC set FD_CLOEXEC upon open O_VERIFY verify the contents of the file
Opening a file with
set causes each write on the file to be appended to the end. If
O_TRUNC is specified and the file exists, the file
is truncated to zero length. If
O_EXCL is set with
O_CREAT and the file already exists,
returns an error. This may be used to implement a simple exclusive access
locking mechanism. If
O_EXCL is set and the last
component of the pathname is a symbolic link,
will fail even if the symbolic link points to a non-existent name. If the
O_NONBLOCK flag is specified and the
open() system call would result in the process being
blocked for some reason (e.g., waiting for carrier on a dialup line),
open() returns immediately. The descriptor remains
in non-blocking mode for subsequent operations.
O_FSYNC is used in the mask, all writes
will immediately and synchronously be written to disk.
O_SYNC is a synonym for
O_FSYNC required by POSIX.
O_NOFOLLOW is used in the
mask and the target file passed to
open() is a
symbolic link then the
open() will fail.
When opening a file, a lock with flock(2)
semantics can be obtained by setting
O_SHLOCK for a
shared lock, or
O_EXLOCK for an exclusive lock. If
creating a file with
O_CREAT, the request for the
lock will never fail (provided that the underlying file system supports
O_DIRECT may be used to minimize or
eliminate the cache effects of reading and writing. The system will attempt
to avoid caching the data you read or write. If it cannot avoid caching the
data, it will minimize the impact the data has on the cache. Use of this
flag can drastically reduce performance if not used with care.
O_NOCTTY may be used to ensure
the OS does not assign this file as the controlling terminal when it opens a
tty device. This is the default on FreeBSD, but is
present for POSIX compatibility. The
system call will not assign controlling terminals on
O_TTY_INIT may be used to
ensure the OS restores the terminal attributes when initially opening a TTY.
This is the default on FreeBSD, but is present for
POSIX compatibility. The initial call to
open() on a
TTY will always restore default terminal attributes on
O_DIRECTORY may be used to ensure the
resulting file descriptor refers to a directory. This flag can be used to
prevent applications with elevated privileges from opening files which are
even unsafe to open with
O_RDONLY, such as device
O_CLOEXEC may be used to set
FD_CLOEXEC flag for the newly returned file
O_VERIFY may be used to indicate to the
kernel that the contents of the file should be verified before allowing the
open to proceed. The details of what “verified” means is
implementation specific. The run-time linker (rtld) uses this flag to ensure
shared objects have been verified before operating on them.
When fd is opened with
O_SEARCH, execute permissions are checked at open
time. The fd may not be used for any read operations
like getdirentries(2). The primary use for this descriptor
will be as the lookup descriptor for the
*at() family of
returns a non-negative integer, termed a file descriptor. It returns -1 on
failure. The file pointer used to mark the current position within the file
is set to the beginning of the file.
If a sleeping open of a device node from
devfs(5) is interrupted by a signal, the call always fails
EINTR, even if the
SA_RESTART flag is set for the signal. A sleeping
open of a fifo (see mkfifo(2)) is restarted as normal.
When a new file is created it is given the group of the directory which contains it.
The system imposes a limit on the number of file descriptors open simultaneously by one process. The getdtablesize(2) system call returns the current system limit.
openat() return a non-negative integer, termed a
file descriptor. They return -1 on failure, and set
errno to indicate the error.
The named file is opened unless:
- A component of the path prefix is not a directory.
- A component of a pathname exceeded 255 characters, or an entire path name exceeded 1023 characters.
O_CREATis not set and the named file does not exist.
- A component of the path name that must exist does not exist.
- Search permission is denied for a component of the path prefix.
- The required permissions (for reading and/or writing) are denied for the given flags.
O_TRUNCis specified and write permission is denied.
O_CREATis specified, the file does not exist, and the directory in which it is to be created does not permit writing.
O_CREATis specified, the file does not exist, and the directory in which it is to be created has its immutable flag set, see the chflags(2) manual page for more information.
- The named file has its immutable flag set and the file is to be modified.
- The named file has its append-only flag set, the file is to be modified,
O_TRUNCis specified or
O_APPENDis not specified.
- Too many symbolic links were encountered in translating the pathname.
- The named file is a directory, and the arguments specify it is to be modified.
- The named file is a directory, and the flags specified
- The named file resides on a read-only file system, and the file is to be modified.
O_CREATis specified and the named file would reside on a read-only file system.
- The process has already reached its limit for open file descriptors.
- The system file table is full.
O_NOFOLLOWwas specified and the target is a symbolic link.
- The named file is a character special or block special file, and the device associated with this special file does not exist.
O_NONBLOCKis set, the named file is a fifo,
O_WRONLYis set, and no process has the file open for reading.
open() operation was interrupted by a signal.
O_EXLOCKis specified but the underlying file system does not support locking.
- The named file is a special file mounted through a file system that does not support access to it (e.g. NFS).
O_NONBLOCKand one of
O_EXLOCKis specified and the file is locked.
O_CREATis specified, the file does not exist, and the directory in which the entry for the new file is being placed cannot be extended because there is no space left on the file system containing the directory.
O_CREATis specified, the file does not exist, and there are no free inodes on the file system on which the file is being created.
O_CREATis specified, the file does not exist, and the directory in which the entry for the new file is being placed cannot be extended because the user's quota of disk blocks on the file system containing the directory has been exhausted.
O_CREATis specified, the file does not exist, and the user's quota of inodes on the file system on which the file is being created has been exhausted.
- An I/O error occurred while making the directory entry or allocating the
- Corrupted data was detected while reading from the file system.
- The file is a pure procedure (shared text) file that is being executed and
open() system call requests write access.
- The path argument points outside the process's allocated address space.
O_EXCLwere specified and the file exists.
- An attempt was made to open a socket (not currently implemented).
- An attempt was made to open a descriptor with an illegal combination of
- The path argument does not specify an absolute path
and the fd argument is neither
AT_FDCWDnor a valid file descriptor open for searching.
- The path argument is not an absolute path and
fd is neither
AT_FDCWDnor a file descriptor associated with a directory.
O_DIRECTORYis specified and the file is not a directory.
AT_FDCWDis specified and the process is in capability mode.
open() was called and the process is in capability mode.
- path is an absolute path or contained a ".." component leading to a directory outside of the directory hierarchy specified by fd.
These functions are specified by IEEE Std
FreeBSD sets errno to
EMLINK instead of
specified by POSIX when
O_NOFOLLOW is set in flags
and the final component of pathname is a symbolic link to distinguish it
from the case of too many symbolic link traversals in one of its non-final
open() function appeared in
Version 1 AT&T UNIX. The
openat() function was introduced in
The Open Group Extended API Set 2 specification requires that the test for whether fd is searchable is based on whether fd is open for searching, not whether the underlying directory currently permits searches. The present implementation of the openat checks the current permissions of directory instead.
|March 30, 2020