⇒ acl(2) — UnixWare 2.01

       acl(2)                                                        acl(2)


       NAME
             acl - set a file's Access Control List (ACL)

       SYNOPSIS
             #include <sys/types.h>
             #include <acl.h>
             int acl(char *pathp, int cmd, int nentries, struct acl *aclbufp);

       DESCRIPTION
             The acl system call is used to manipulate ACLs on file system
             objects.

             pathp    points to a pathname naming a file.

             nentries specifies how many ACL entries are pointed to by
                      aclbufp.

             aclbufp  is a pointer to the first element of an array of
                      struct acl.  This type is defined in sys/acl.h as
                      follows:
                            struct acl {
                                 int     a_type;        /* entry type */
                                 uid_t   a_id;          /* user or group ID */
                                 ushort  a_perm;        /* entry permissions */
                            };

                      The values for a_type are:

                      USER_OBJ          Permissions for the owner of the
                                        object.

                      USER              Permissions for additional users.

                      GROUP_OBJ         Permissions for members of the
                                        owning group of the object.

                      GROUP             Permissions for members of
                                        additional groups.

                      CLASS_OBJ         Maximum permissions granted to the
                                        file group class.

                      OTHER_OBJ         Permissions for other users.





                           Copyright 1994 Novell, Inc.               Page 1













                     DEF_USER_OBJ      Default permissions for the object
                                       owner.

                     DEF_USER          Default permissions for additional
                                       users.

                     DEF_GROUP_OBJ     Default permissions for members of
                                       the owning group of the object.

                     DEF_GROUP         Default permissions for members of
                                       additional groups.

                     DEF_CLASS_OBJ     Default maximum permissions granted
                                       to the file group class.

                     DEF_OTHER_OBJ     Default permissions for other
                                       users.

            cmd      The following values for cmd are available:

                     ACL_SET         nentries ACL entries, specified in
                                     buffer aclbufp, are stored in the
                                     file's ACL.  Any existing ACL on the
                                     file is replaced by the new ACL.
                                     This value for cmd can only be
                                     executed by a process that has an
                                     effective user ID equal to the owner
                                     of the file, or by a process with the
                                     P_OWNER privilege.  All directories
                                     in the pathname must be searchable.
                                     Mandatory Access Control (MAC) write
                                     access to the file is required.

                     ACL_GET         Buffer aclbufp is filled with the
                                     file's ACL entries.  Discretionary
                                     read access to the file is not
                                     required, but all directories in the
                                     pathname must be searchable.
                                     Mandatory Access Control (MAC) read
                                     access to the file is required.

                     ACL_CNT         The number of entries in the file's
                                     ACL is returned.  Discretionary read
                                     access to the file is not required,
                                     but all directories in the pathname
                                     must be searchable.  Mandatory read
                                     access to the file is required.

             For command ACL_SET, the acl call will succeed if all of the
             following are true:

                 There is exactly one entry each of type USER_OBJ,
                 GROUP_OBJ, CLASS_OBJ, and OTHER_OBJ.

                 There is at most one entry each of type DEF_USER_OBJ,
                 DEF_GROUP_OBJ, DEF_CLASS_OBJ, and DEF_OTHER_OBJ.

                 Entries of type USER, GROUP, DEF_USER, or DEF_GROUP may
                 not contain duplicate entries.  A duplicate entry is one
                 of the same type containing the same numeric ID.

                 If an ACL contains no entries of type USER and no entries
                 of type GROUP, then the entries of type GROUP_OBJ and
                 CLASS_OBJ must have the same permissions.

                 If an ACL contains no entries of type DEF_USER and no
                 entries of type DEF_GROUP, and an entry of type
                 DEF_GROUP_OBJ is specified, then an entry of type
                 DEF_CLASS_OBJ must also be specified and the two entries
                 must have the same permissions.
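
The ACL_SET conditions above, written as a user-space pre-check (an added example, not Novell's code or the kernel's own logic). The enum values, acl_set_check, has_id and the sample arrays are assumptions made for this example; only the struct layout and the entry type names come from the page.

```c
#include <stdio.h>
#include <sys/types.h>

/* Entry types named on the page; numeric values here are placeholders
   for this example, not the real <sys/acl.h> constants. */
enum { USER_OBJ, USER, GROUP_OBJ, GROUP, CLASS_OBJ, OTHER_OBJ,
       DEF_USER_OBJ, DEF_USER, DEF_GROUP_OBJ, DEF_GROUP,
       DEF_CLASS_OBJ, DEF_OTHER_OBJ, NTYPES };

struct acl { int a_type; uid_t a_id; unsigned short a_perm; }; /* as in DESCRIPTION */

static int has_id(int t)   /* types whose a_id is significant */
{ return t == USER || t == GROUP || t == DEF_USER || t == DEF_GROUP; }

/* 0 if the array meets the ACL_SET conditions, 1-5 for the first
   condition violated (page order), -1 for an unknown entry type. */
int acl_set_check(const struct acl *a, int n)
{
    int cnt[NTYPES] = {0}, perm[NTYPES] = {0}, i, j;

    for (i = 0; i < n; i++) {
        int t = a[i].a_type;
        if (t < 0 || t >= NTYPES) return -1;
        cnt[t]++;
        perm[t] = a[i].a_perm;
    }
    if (cnt[USER_OBJ] != 1 || cnt[GROUP_OBJ] != 1 ||
        cnt[CLASS_OBJ] != 1 || cnt[OTHER_OBJ] != 1) return 1;
    if (cnt[DEF_USER_OBJ] > 1 || cnt[DEF_GROUP_OBJ] > 1 ||
        cnt[DEF_CLASS_OBJ] > 1 || cnt[DEF_OTHER_OBJ] > 1) return 2;
    for (i = 0; i < n; i++)            /* duplicate = same type and ID */
        for (j = i + 1; has_id(a[i].a_type) && j < n; j++)
            if (a[j].a_type == a[i].a_type && a[j].a_id == a[i].a_id) return 3;
    if (!cnt[USER] && !cnt[GROUP] && perm[GROUP_OBJ] != perm[CLASS_OBJ]) return 4;
    if (!cnt[DEF_USER] && !cnt[DEF_GROUP] && cnt[DEF_GROUP_OBJ] &&
        (!cnt[DEF_CLASS_OBJ] || perm[DEF_GROUP_OBJ] != perm[DEF_CLASS_OBJ])) return 5;
    return 0;
}

/* Constructed samples; a_perm uses octal rwx bits (an assumption). */
const struct acl ok_min[]   = {{USER_OBJ,0,7},{GROUP_OBJ,0,5},{CLASS_OBJ,0,5},{OTHER_OBJ,0,0}};
const struct acl bad_mask[] = {{USER_OBJ,0,7},{GROUP_OBJ,0,5},{CLASS_OBJ,0,7},{OTHER_OBJ,0,0}};
const struct acl dup_user[] = {{USER_OBJ,0,7},{USER,101,6},{USER,101,4},
                               {GROUP_OBJ,0,5},{CLASS_OBJ,0,7},{OTHER_OBJ,0,0}};

int main(void)
{
    printf("%d %d %d\n", acl_set_check(ok_min, 4), acl_set_check(bad_mask, 4), acl_set_check(dup_user, 6));
    return 0;
}
```

Running such a check before the call shows which condition a rejected ACL violates, which the single EINVAL from acl does not.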

          Return Values
             On success, acl returns the number of ACL entries for cmd
             ACL_CNT and ACL_GET, and 0 for cmd ACL_SET.  On failure, acl
             returns -1 and sets errno to identify the error.

          Errors
             In the following conditions, acl fails and sets errno to:

             EACCES    The caller does not have access to a component of
                       the pathname.

             EACCES    The caller does not have mandatory read access to
                       the file for ACL_GET and ACL_CNT, or mandatory write
                       access to the file for ACL_SET.

             EINVAL    cmd is not ACL_GET, ACL_SET, or ACL_CNT.

             EINVAL    cmd is ACL_SET and nentries is less than the number
                       of mandatory ACL entries (4).




            EINVAL    cmd is ACL_SET and the ACL specified in aclbufp is
                      not valid [see aclsort(3C)].

            EIO       A disk I/O error has occurred while storing or
                      retrieving the ACL.

            EPERM     cmd is ACL_SET and the effective user ID of the
                      caller does not match the owner of the file, and the
                      caller does not have the P_OWNER privilege to
                      perform the operation.

            ENOENT    A component of the path does not exist.

            ENOSPC    cmd is ACL_GET and nentries is less than the number
                      of entries in the file's ACL.

            ENOSPC    cmd is ACL_SET and there is insufficient space to
                      store the ACL.

            ENOSPC    cmd is ACL_SET and nentries is greater than the
                      tunable parameter aclmax.

            ENOTDIR   A component of the path specified by pathp is not a
                      directory.

            ENOTDIR   cmd is ACL_SET and an attempt is made to set a
                      default ACL on a file type other than a directory.

            ENOSYS    cmd is ACL_SET, the file specified by pathp resides
                      on a file system that does not support ACLs, and
                      additional entries were specified in the ACL.

            EROFS     cmd is ACL_SET and the file specified by pathp
                      resides on a file system that is mounted read-only.

            EFAULT    aclbufp points to an illegal address.

      REFERENCES
            aclipc(2), aclsort(3C), getacl(1), setacl(1)








