the FreeBSD man page for access(2) includes a section titled "CAVEAT" which says that "Access() is a potential security hole and should never be used." i looked into libc source and access is a typical system call--no real source at all, just enough assembler wrapper to generate a system call with the correct arguments. the assembler is generated when libc is compiled through defines and other macros--real slick. the actual syscall is executed in /sys/kern/vfs_syscalls.c, but i cant see why this is a hole. can you enlighten me? jmb Jonathan M. Bresler jmb@kryten.atinc.com | Analysis & Technology, Inc. | 2341 Jeff Davis Hwy play go. | Arlington, VA 22202 ride bike. hack FreeBSD.--ah the good life | 703-418-2800 x346