ACL semantics -- consistency with existing ACL systems?
Casey Schaufler
casey at sgi.com
Tue Oct 26 00:21:07 GMT 1999
Andreas Gruenbacher wrote:
> > Unfortunately, I don't have access to an IRIX box so couldn't look at the
> > implementation there.
Blush. We blew off the ACL-editor-in-a-library and did this:
ACL_GET_FILE(3C)
NAME
acl_get_file, acl_set_file - get or set the ACL for a pathname
SYNOPSIS
#include <sys/acl.h>
struct acl * acl_get_file(const char *path,
int acl_set_file(const char *path, acl_type_t type, struct acl *aclp);
DESCRIPTION
acl_get_file returns a pointer to an allocated struct acl associated with
the pathname pointed to by path. type determines whether the default ACL
(type == ACL_TYPE_DEFAULT) or access ACL (type == ACL_TYPE_ACCESS) is
returned. The default ACL is available only for directories. If there is
no default ACL associated with the specified directory, an ACL containing
zero entries is returned. If _POSIX_MAC is in effect, then the process
must have MAC read access to the object.

acl_set_file sets the ACL of the specified pathname. type indicates which
ACL, default or access, is to be set. Only directories can have a default
ACL. If type is not valid, the call fails. The ACL is first checked for
validity by acl_valid(3c). The effective UID of the process must match the
owner of the object or the process must have appropriate privilege to set
the access ACL or the default ACL on path. If _POSIX_CAP is in effect,
then the appropriate capability must include CAP_FOWNER. In addition, if
_POSIX_MAC is in effect, then the process must have MAC write access to
the object.
RETURN VALUES
acl_get_file a pointer to an allocated struct acl if successful, NULL
otherwise. The storage should be freed with a call to acl_free with the
returned pointer as an argument when it is no longer needed.

acl_set_file returns 0 if successful, -1 otherwise.
ERRORS
acl_get_file:
EACCESS Search permission is denied for a component of the path prefix or the object exists and the process does not have appropriate access rights.
EINVAL type is not valid
ENAMETOLONG The pathname or one of its components is too long.
ENOENT The named object does not exist or path points to an empty string.
ENOMEM allocation of the struct acl failed.
ENOSYS ACL support is not available (not installed).
ENOTDIR A component of the path prefix is not a directory.
acl_set_file:
EACCESS Search permission is denied for a component of the path prefix or the object exists and the process does not have appropriate access rights.
EINVAL aclp points to an invalid ACL. type is not either ACL_TYPE_ACCESS, or ACL_TYPE_DEFAULT. The ACL is too large (too many entries).
ENAMETOLONG The pathname or one of its components is too long.
ENOENT The named object does not exist or path points to an empty string.
ENOSPC The file system is full or some other resource needed for the ACL storage is not available.
ENOSYS ACL support is not available (not installed).
ENOTDIR A component of the path prefix is not a directory.
EPERM The process does not have appropriate privilege to perform the operation to set the ACL.
EROFS This function requires modification of a file system which is currently read-only.
SEE ALSO
acl(4)
--
Casey Schaufler voice: (650) 933-1634
casey at sgi.com fax: (650) 933-0170