Name

acl, facl - get and change access control lists for files

Synopsis

#include <sys/stat.h>
#include <sys/acl.h>

int acl(const char *pathp, int cmd, int aclcnt, acl_entry_t *aclentp);

int facl(int filedes, int cmd, int aclcnt, acl_entry_t *aclentp);

Description

These functions read and set Access Control Lists (ACLs) for files and directories. Reading ACLs requires list access to files. Setting ACLs is only allowed for the file owner and root.

acl manipulates the ACL of the file named pathp. facl is identical to acl, except that it manipulates the ACL of the open file with file descriptor filedes.

The cmd parameter can be one of the following constants, to get an ACL, get the number of entries in an ACL, or set an ACL:


ACL_GETACL
ACL_GETACLCNT
ACL_SETACL

If cmd is ACL_SETACL, aclentp contains the ACL entries to set for the file. aclcnt is the size of the aclentp buffer. The type acl_entry_t is defined as follows:


typedef struct {
    int     a_type;
    uid_t   a_id;
    mode_t  a_perm;
} acl_entry_t;

The a_type field determines the type of the ACL entry. This field can have one of the following values:


ACL_USER_OBJ         (owner)
ACL_USER             (named user)
ACL_GROUP_OBJ        (group)
ACL_GROUP            (named group)
ACL_MASK_OBJ         (effective rights mask)
ACL_OTHER_OBJ        (others)
ACL_DEF_USER_OBJ     (default owner)
ACL_DEF_USER         (default named user)
ACL_DEF_GROUP_OBJ    (default group)
ACL_DEF_GROUP        (default named group)
ACL_DEF_MASK_OBJ     (default effective rights mask)
ACL_DEF_OTHER_OBJ    (default others)

The first six types specify an ACL entry; the remaining six types specify a default ACL entry. Only directories may have a default ACL (they need not have one, however).

If the ACL entry type is ACL_USER or ACL_DEF_USER, the a_id field contains a valid user ID number. If the ACL entry type is ACL_GROUP or ACL_DEF_GROUP, the a_id field contains a valid group ID number.

In all other cases, the value of a_id is irrelevant for the ACL_SETACL operation.

The ACL_GETACL operation in addition stores the owner's user ID in the a_id field for ACL_USER and ACL_DEF_USER entries, and the owning group's group ID in the a_id field for ACL_GROUP and ACL_DEF_GROUP entries.

The a_perm entry contains the permissions associated with the ACL entry. Use the following constants (defined in <sys/stat.h>):


 S_IROTH       (read access)
 S_IWOTH       (write access)
 S_IXOTH       (list/execute access)
[S_IRWXO       (S_IROTH | S_IWOTH | S_IXOTH)]
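
The following is an added example, not part of the original manual page or of the ACL implementation it documents. It checks an entry list against the rules above before the list is passed to ACL_SETACL: known entry type, permissions built only from the S_I?OTH bits, and default entries only on directories. The numeric values of the ACL_* constants, the CHK_* result codes, the check_acl function and the sample data are assumptions made for the example.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Stand-ins so this compiles without <sys/acl.h>. Names and order follow the
 * page; the numeric values are assumptions and may differ in the real header. */
enum { ACL_USER_OBJ, ACL_USER, ACL_GROUP_OBJ, ACL_GROUP, ACL_MASK_OBJ,
       ACL_OTHER_OBJ, ACL_DEF_USER_OBJ, ACL_DEF_USER, ACL_DEF_GROUP_OBJ,
       ACL_DEF_GROUP, ACL_DEF_MASK_OBJ, ACL_DEF_OTHER_OBJ };
typedef struct { int a_type; uid_t a_id; mode_t a_perm; } acl_entry_t;

/* Hypothetical result codes for the check below. */
enum { CHK_OK, CHK_BAD_TYPE, CHK_BAD_PERM, CHK_DEF_ON_FILE };

/* Constructed sample: owner rwx, uid 1000 rw-, group r--, mask rw-, others ---,
 * plus one default entry (last), which only a directory may carry. */
static const acl_entry_t sample_acl[] = {
    { ACL_USER_OBJ,     0,    S_IRWXO },
    { ACL_USER,         1000, S_IROTH | S_IWOTH },
    { ACL_GROUP_OBJ,    0,    S_IROTH },
    { ACL_MASK_OBJ,     0,    S_IROTH | S_IWOTH },
    { ACL_OTHER_OBJ,    0,    0 },
    { ACL_DEF_USER_OBJ, 0,    S_IRWXO },
};
/* Constructed mistake: owner-class bits (S_IRUSR...) instead of S_I?OTH. */
static const acl_entry_t wrong_bits[] = {
    { ACL_USER_OBJ, 0, S_IRUSR | S_IWUSR },
};

/* Check cnt entries before handing them to ACL_SETACL. Returns CHK_OK with
 * *bad = -1, or the first problem with *bad = index of the offending entry. */
int check_acl(const acl_entry_t *ent, int cnt, int is_dir, int *bad)
{
    int i;
    for (i = 0; i < cnt; i++) {
        *bad = i;
        if (ent[i].a_type < ACL_USER_OBJ || ent[i].a_type > ACL_DEF_OTHER_OBJ)
            return CHK_BAD_TYPE;
        if (ent[i].a_perm & ~(mode_t)S_IRWXO)     /* bits outside rwx-other */
            return CHK_BAD_PERM;
        if (ent[i].a_type >= ACL_DEF_USER_OBJ && !is_dir)
            return CHK_DEF_ON_FILE;               /* default entry, not a directory */
    }
    *bad = -1;
    return CHK_OK;
}

int main(void)
{
    int bad, rc = check_acl(sample_acl, 6, 0, &bad);
    printf("sample on regular file: rc=%d at entry %d\n", rc, bad);
    rc = check_acl(wrong_bits, 1, 1, &bad);
    printf("owner-class bits: rc=%d at entry %d\n", rc, bad);
    return 0;
}
```

In real use, is_dir would come from S_ISDIR() on the st_mode returned by stat() or fstat() for the same file.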

Author

Andreas Gruenbacher, <a.gruenbacher@computer.org>.

Please send your bug reports, suggested features and comments to the above address.

See Also

getfacl(1), setfacl(1), acl(5)

