euidaccess - Linux

Overview

euidaccess validates the real user ID (UID) and effective user ID (EUID) of a user against a resource’s UID and EUID and provides diagnostic information to help troubleshoot permission issues. It’s invaluable when investigating file permissions and access rights, particularly in scenarios involving the Linux kernel security module (LSM).

Syntax

euidaccess [-h] [-q] [-d] [-P [policy]] [-m mode] [-s] [-v] <path>

Options/Flags

• -h, –help: Display help and usage information.
• -q, –quiet: Suppress output.
• -d, –debug: Enable debug mode for additional diagnostics.
• -P [policy], –policy [policy]: Specify the LSM policy to use (e.g., apparmor). Defaults to the default policy.
• -m mode, –mode mode**: Set the file mode to use for validation. Defaults to the current file mode.
• -s, –short: Display a summary of validation results.
• -v, –verbose: Display detailed validation results.

Examples

Check basic file access:

euidaccess /path/to/file

Check access with a specific policy:

euidaccess -P apparmor /path/to/file

Check access with a custom file mode:

euidaccess -m 0644 /path/to/file

Check access and display summary:

euidaccess -s /path/to/file

Common Issues

• Permission denied: Ensure the user has appropriate permissions set for the file or the LSM policy.
• Invalid policy: Verify that the specified LSM policy exists and is correctly configured.
• Invalid file mode: Make sure the specified file mode is valid and supported by the file system.

Integration

euidaccess can be integrated into scripts or command chains to automate permission validation and troubleshooting. For example:

if ! euidaccess -q /path/to/file; then
    echo "Access denied to /path/to/file"
    exit 1
fi

Related Commands

• ls – List file permissions.
• chmod – Change file permissions.
• chown – Change file ownership.

For more information, refer to the euidaccess documentation at https://github.com/util-linux/util-linux/blob/master/fileutils/euidaccess.c.