[Tutor] os.access unreliable?

Steven D'Aprano steve at pearwood.info
Wed Aug 25 12:15:26 CEST 2010

On Wed, 25 Aug 2010 06:28:47 pm Albert-Jan Roskam wrote:
> Hi,
> Hi I'm using os.access to do a preliminary check to see if I have RW
> access, but it seems to be unreliable. In a dir for which I have only
> read access, os.access also says I have write access. This is under
> Windows 2000. I could of course use a try-except and catch the
> IOError, but I'd like to know why the code below isn;t working.

As a general rule you need to use a try...except block anyway, otherwise 
your code is vulnerable to race conditions.

In a multi-tasking operating system (like just about all OSes these 
days, including Windows) there is no guarantee that just because you 
had permission to read the file now you will still have it in a 
millisecond when you try to open it. Or even that the file will still 

If you're writing a quick script for dealing with files, you can get 
away with taking the risk. But for more serious applications, there is 
no getting away from try...except.

In this case, the Fine Manual specifically warns that relying on 
os.access opens a potential security vulnerability:


It also warns that os.access doesn't take into account network file 
sharing permissions.

Steven D'Aprano

More information about the Tutor mailing list