In POSIX, a file descriptor is an integer, specifically of the C type int. There are three standard POSIX file descriptors, corresponding to the three standard streams, which presumably every process (save perhaps a daemon) should expect to have:
| Integer value | Name |
|---|---|
| 0 | Standard input (stdin) |
| 1 | Standard output (stdout) |
| 2 | Standard error (stderr) |
Generally, a file descriptor is an index for an entry in a kernel-resident array data structure containing the details of open files. In POSIX this data structure is called a file descriptor table, and each process has its own file descriptor table. The process passes the file descriptor to the kernel through a system call, and the kernel will access the file on behalf of the process. The process itself cannot read or write the file descriptor table directly.
In Unix-like systems, file descriptors can refer to any Unix file type named in a file system. As well as regular files, this includes directories, block and character devices (also called "special files"), Unix domain sockets, and named pipes. File descriptors can also refer to other objects that do not normally exist in the file system, such as anonymous pipes and network sockets.
The FILE data structure in the C standard I/O library usually includes a low level file descriptor for the object in question on Unix-like systems. Since file handle refers to this additional layer, it is not interchangeable with file descriptor.
Operations on file descriptors
The following lists typical operations on file descriptors on modern Unix-like systems. Some of these functions are declared in the <fcntl.h> header.
Creating file descriptors
- open(), open64()
- creat(), creat64()
- epoll_create() (Linux only)
- signalfd() (Linux only)
- eventfd() (Linux only)
Deriving file descriptors
Operations on a single file descriptor
- read(), write()
- readv(), writev()
- pread(), pwrite()
- pread64(), pwrite64() (Linux only, since kernel 2.1, transparently rewritten since 2.6)
- recv(), send()
- recvmsg(), sendmsg() (can also be used to send file descriptors)
- lseek(), lseek64()
- fstat(), fstat64()
Operations on multiple file descriptors
Operations on the file descriptor table
The fcntl() function is used to perform various operations on a file descriptor, depending on the command argument passed to it. There are commands to get and set attributes associated with a file descriptor, including F_GETFD, F_SETFD, F_GETFL and F_SETFL.
- closefrom() (BSD and Solaris only; deletes all file descriptors greater than or equal to specified number)
- dup() (duplicates an existing file descriptor; the new descriptor is guaranteed to be the lowest-numbered available file descriptor)
- dup2() (the new file descriptor will have the value passed as an argument)
Operations that modify process state
- fchdir() (sets the process's current working directory based on a directory file descriptor)
- mmap() (maps ranges of a file into the process's address space)
- fcntl() (F_GETLK, F_SETLK and F_SETLKW)
- accept() (creates a new file descriptor for an incoming connection)
- shutdown() (shuts down one or both halves of a full duplex connection)
- ioctl() (a large collection of miscellaneous operations on a single file descriptor, often associated with a device)
A series of new operations on file descriptors has been added to many modern Unix-like systems, as well as numerous C libraries, to be standardized in a future version of POSIX. The at suffix signifies that the function takes an additional first argument supplying a file descriptor from which relative paths are resolved; the forms lacking the at suffix thus become equivalent to passing a file descriptor corresponding to the current working directory. The purpose of these new operations is to defend against a certain class of TOCTTOU attacks.
File descriptors as capabilities
Unix file descriptors behave in many ways as capabilities. They can be passed between processes across Unix domain sockets using the sendmsg() system call. Note, however, that what is actually passed is a reference to an "open file description" that has mutable state (the file offset, and the file status and access flags). This complicates the secure use of file descriptors as capabilities, since when programs share access to the same open file description, they can interfere with each other's use of it by changing its offset or whether it is blocking or non-blocking, for example. In operating systems that are specifically designed as capability systems, there is very rarely any mutable state associated with a capability itself.
A Unix process' file descriptor table is an example of a C-list.
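The shared open file description described above can be observed directly. The following is an added example, not part of the original article: it passes a descriptor over a Unix domain socket with sendmsg() and SCM_RIGHTS, then shows that the receiver's lseek() and F_SETFL changes are visible through the sender's descriptor. The names pass_fd and shared_state_after_passing are hypothetical, the scratch file under /tmp is constructed, and both socket ends live in one process only to keep the example short.

```c
#define _GNU_SOURCE 1   /* mkstemp() under strict -std= modes */
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Send fd on tx as SCM_RIGHTS ancillary data and receive it on rx.
 * Returns the receiver's new descriptor number, or -1 on failure. */
static int pass_fd(int tx, int rx, int fd) {
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } ctl;
    char byte = 0;                      /* at least one data byte must travel */
    struct iovec iov = { &byte, 1 };
    struct msghdr m = {0};
    int got = -1;
    memset(&ctl, 0, sizeof ctl);
    m.msg_iov = &iov; m.msg_iovlen = 1;
    m.msg_control = ctl.buf; m.msg_controllen = sizeof ctl.buf;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    if (sendmsg(tx, &m, 0) != 1) return -1;
    memset(&ctl, 0, sizeof ctl);        /* receiver starts from an empty buffer */
    m.msg_controllen = sizeof ctl.buf;
    if (recvmsg(rx, &m, 0) != 1) return -1;
    c = CMSG_FIRSTHDR(&m);
    if (c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
        memcpy(&got, CMSG_DATA(c), sizeof got);
    return got;
}

/* Bit 0: the receiver's lseek() moved the sender's file offset.
 * Bit 1: the receiver's O_NONBLOCK is visible through the sender's descriptor. */
int shared_state_after_passing(void) {
    char path[] = "/tmp/fdcap-XXXXXX";  /* constructed scratch file */
    int sv[2], result = 0, fd = mkstemp(path);
    if (fd < 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    unlink(path);
    if (write(fd, "0123456789", 10) != 10) return -1;   /* sender's offset is now 10 */
    int got = pass_fd(sv[0], sv[1], fd);  /* new number, same open file description */
    if (got < 0) return -1;
    lseek(got, 3, SEEK_SET);                                /* receiver seeks */
    fcntl(got, F_SETFL, fcntl(got, F_GETFL) | O_NONBLOCK);  /* receiver changes mode */
    if (lseek(fd, 0, SEEK_CUR) == 3) result |= 1;
    if (fcntl(fd, F_GETFL) & O_NONBLOCK) result |= 2;
    close(got); close(fd); close(sv[0]); close(sv[1]);
    return result;
}
```

Using pread() and pwrite() with explicit offsets sidesteps the shared offset; the blocking mode remains shared, so changing it on a descriptor received from elsewhere affects every holder.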
- lsof - a utility that displays information about open file descriptors.