acl(2)


acl -- manipulate a file's Access Control List (ACL)

facl -- manipulate a file's Access Control List (ACL)

Synopsis

   #include <sys/types.h>
   #include <acl.h>

   int acl(char *pathp, int cmd, int nentries, struct acl *aclbufp);

   int facl(int *fd, int cmd, int nentries, struct acl *aclbufp);

Description

The acl and facl system calls are used to manipulate ACLs on file system objects. These calls are valid only on sfs and vxfs file system types.

pathp
a pointer to a pathname naming a file.

fd
an open file descriptor (obtained, for example, from a call to open(2)) referencing a file.

nentries
the number of ACL entries pointed to by aclbufp.

aclbufp
a pointer to the first element of an array of struct acl data structures. This type is defined in sys/acl.h as follows:
   	struct acl {
   	     int     a_type;        /* entry type */
   	     uid_t   a_id;          /* user or group ID */
   	     ushort  a_perm;        /* entry permissions */
   	};

The values for a_type are:


USER_OBJ
Permissions for the owner of the object.

USER
Permissions for additional users.

GROUP_OBJ
Permissions for members of the owning group of the object.

GROUP
Permissions for members of additional groups.

CLASS_OBJ
Maximum permissions granted to the file group class.

OTHER_OBJ
Permissions for other users.

DEF_USER_OBJ
Default permissions for the object owner.

DEF_USER
Default permissions for additional users.

DEF_GROUP_OBJ
Default permissions for members of the owning group of the object.

DEF_GROUP
Default permissions for members of additional groups.

DEF_CLASS_OBJ
Default maximum permissions granted to the file group class.

DEF_OTHER_OBJ
Default permissions for other users.

cmd
The following values for cmd are available:

ACL_SET
nentries ACL entries, specified in buffer aclbufp, are stored in the file's ACL. Any existing ACL on the file is replaced by the new ACL. This value for cmd can only be executed by a process that has an effective user ID equal to the owner of the file, or by a process with the P_OWNER privilege. All directories in the pathname must be searchable.

ACL_GET
Buffer aclbufp is filled with the file's ACL entries. Discretionary read access to the file is not required, but all directories in the pathname must be searchable.

ACL_CNT
The number of entries in the file's ACL is returned. Discretionary read access to the file is not required, but all directories in the pathname must be searchable.

For command ACL_SET, the acl call will succeed if all of the following are true:

Return values

On failure, ``-1'' is returned and errno is set to identify the error (see below for errno values). The return value on success depends on the cmd specified. For ACL_CNT and ACL_GET, the number of ACL entries is returned on success. For ACL_SET, ``0'' is returned on success.

Errors

On failure, errno is set to one of the following values:

EACCES
(acl only) The caller does not have access to a component of the pathname specified by pathp.

EACCES
The caller does not have read access to the file for ACL_GET and ACL_CNT, or write access to the file for ACL_SET.

EBADF
(facl only) fd is not an open file descriptor.

EINVAL
cmd is not ACL_GET, ACL_SET, or ACL_CNT.

EINVAL
cmd is ACL_SET and nentries is less than the number of mandatory ACL entries (4).

EINVAL
cmd is ACL_SET and the ACL specified in aclbufp is not valid [see aclsort(3C)].

EIO
A disk I/O error has occurred while storing or retrieving the ACL.

EPERM
cmd is ACL_SET and the effective user ID of the caller does not match the owner of the file, and the caller does not have the P_OWNER privilege to perform the operation.

ENOENT
(acl only) A component of the path does not exist.

ENOSPC
cmd is ACL_GET and nentries is less than the number of entries in the file's ACL.

ENOSPC
cmd is ACL_SET and there is insufficient space to store the ACL.

ENOSPC
cmd is ACL_SET and nentries is greater than the tunable parameter MAXACL.

ENOTDIR
(acl only) A component of the path specified by pathp is not a directory.

ENOTDIR
cmd is ACL_SET and an attempt is made to set a default ACL on a file type other than a directory.

ENOSYS
cmd is ACL_SET, the file specified by pathp resides on a file system that does not support ACLs, and additional entries were specified in the ACL.

EROFS
cmd is ACL_SET and the file specified by pathp resides on a file system that is mounted read-only.

EFAULT
aclbufp points to an illegal address.
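
Reading a full ACL takes an ACL_CNT call followed by an ACL_GET call, and the ACL can grow between the two, which ACL_GET reports as ENOSPC. The following added example (not part of the original manual page) retries in that case. read_acl, the acl_fn pointer type, fake_acl and the numeric cmd values are assumptions of the example; on UnixWare pass acl itself and take the struct and constants from the header.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Stand-ins so this builds off UnixWare; on the real system the struct and
   the cmd values come from <acl.h>. The numbers below are constructed. */
struct acl { int a_type; uid_t a_id; unsigned short a_perm; };
enum { ACL_GET = 1, ACL_SET = 2, ACL_CNT = 3 };
typedef int (*acl_fn)(char *, int, int, struct acl *);

/* Count, allocate, get; ENOSPC means the ACL grew in between, so recount.
   Returns a malloc'd array (entry count in *n) or NULL with errno set. */
struct acl *read_acl(acl_fn call, char *path, int *n)
{
    for (int tries = 0; tries < 4; tries++) {
        int cnt = call(path, ACL_CNT, 0, NULL);
        if (cnt < 0) return NULL;
        struct acl *buf = calloc(cnt ? (size_t)cnt : 1, sizeof *buf);
        if (buf == NULL) return NULL;
        int got = call(path, ACL_GET, cnt, buf);
        if (got >= 0) { *n = got; return buf; }
        int saved = errno; free(buf); errno = saved;
        if (saved != ENOSPC) return NULL;   /* EACCES, EIO, ...: give up */
    }
    return NULL;                            /* still ENOSPC after retries */
}

/* Constructed fake of acl(2): 4 entries at the first ACL_CNT, 5 from then
   on, as if another process changed the ACL right after the count. */
static int fake_len = 4, fake_calls = 0;
int fake_acl(char *path, int cmd, int nentries, struct acl *buf)
{
    (void)path; fake_calls++;
    if (cmd == ACL_CNT) { int n = fake_len; fake_len = 5; return n; }
    if (cmd != ACL_GET) { errno = EINVAL; return -1; }
    if (nentries < fake_len) { errno = ENOSPC; return -1; }
    for (int i = 0; i < fake_len; i++) buf[i] = (struct acl){ 0, (uid_t)i, 07 };
    return fake_len;
}

int main(void)
{
    char path[] = "/constructed/path";
    int n = 0;
    struct acl *a = read_acl(fake_acl, path, &n);
    printf("entries=%d calls=%d\n", a ? n : -1, fake_calls);
    free(a);
    return 0;
}
```

A tool that audits ACLs should treat a NULL return with errno still set to ENOSPC as a file whose ACL is being changed repeatedly, not as a file without an ACL.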

References

aclipc(2), aclsort(3C), getacl(1), setacl(1)
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004