ACLCHECK(3SEC)       File Access Control Library Functions      ACLCHECK(3SEC)

NAME
       aclcheck - check the validity of an ACL

SYNOPSIS
       cc [ flag... ] file... -lsec [ library... ]
       #include <sys/acl.h>

       int aclcheck(aclent_t *aclbufp, int nentries, int *which);

DESCRIPTION
       The aclcheck() function checks the validity of an ACL pointed to by
       aclbufp. The nentries argument is the number of entries contained in
       the buffer. The which parameter returns the index of the first entry
       that is invalid.

       The function verifies that an ACL pointed to by aclbufp is valid
       according to the following rules:

           o      There must be exactly one GROUP_OBJ ACL entry.

           o      There must be exactly one USER_OBJ ACL entry.

           o      There must be exactly one OTHER_OBJ ACL entry.

           o      If there are any GROUP ACL entries, then the group ID in
                  each group ACL entry must be unique.

           o      If there are any USER ACL entries, then the user ID in each
                  user ACL entry must be unique.

           o      If there are any GROUP or USER ACL entries, then there must
                  be exactly one CLASS_OBJ (ACL mask) entry.

           o      If there are any default ACL entries, then the following
                  apply:

               o      There must be exactly one default GROUP_OBJ ACL entry.

               o      There must be exactly one default OTHER_OBJ ACL entry.

               o      There must be exactly one default USER_OBJ ACL entry.

               o      If there are any DEF_GROUP entries, then the group ID in
                      each DEF_GROUP ACL entry must be unique.

               o      If there are any DEF_USER entries, then the user ID in
                      each DEF_USER ACL entry must be unique.

               o      If there are any DEF_GROUP or DEF_USER entries, then
                      there must be exactly one DEF_CLASS_OBJ (default ACL
                      mask) entry.

           o      If any of the above rules are violated, then the function
                  fails with errno set to EINVAL.

RETURN VALUES
       If the ACL is valid, aclcheck() will return 0. Otherwise errno is set
       to EINVAL and aclcheck() will return one of the following:

       GRP_ERROR
                          There is more than one GROUP_OBJ or DEF_GROUP_OBJ
                          ACL entry.

       USER_ERROR
                          There is more than one USER_OBJ or DEF_USER_OBJ ACL
                          entry.

       CLASS_ERROR
                          There is more than one CLASS_OBJ (ACL mask) or
                          DEF_CLASS_OBJ (default ACL mask) entry.

       OTHER_ERROR
                          There is more than one OTHER_OBJ or DEF_OTHER_OBJ
                          ACL entry.

       DUPLICATE_ERROR
                          Duplicate entries of USER, GROUP, DEF_USER, or
                          DEF_GROUP.

       ENTRY_ERROR
                          The entry type is invalid.

       MISS_ERROR
                          Missing an entry. The which parameter returns -1 in
                          this case.

       MEM_ERROR
                          The system cannot allocate any memory. The which
                          parameter returns -1 in this case.
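
       The rules and return values above, as an added example that is not
       part of the original manual page or of libsec: a self-contained C
       model that applies the same rules to constructed ACLs. The struct,
       the T_*/M_* constants, model_aclcheck() and the order in which errors
       are reported are assumptions of this model; real code passes aclent_t
       entries to aclcheck().

```c
#include <stdio.h>
/* Hypothetical model types; real code uses aclent_t from <sys/acl.h>. */
enum { T_USER_OBJ, T_USER, T_GROUP_OBJ, T_GROUP, T_CLASS_OBJ, T_OTHER_OBJ, T_NTYPES };
enum { M_OK, M_USER, M_GRP, M_CLASS, M_OTHER, M_DUP, M_ENTRY, M_MISS };
struct ent { int type; int is_default; unsigned id; unsigned perm; };

/* Error reported when a second entry of a singleton type shows up. */
static const int twice[T_NTYPES] = { M_USER, M_DUP, M_GRP, M_DUP, M_CLASS, M_OTHER };
/* Returns M_OK or an error; *which is the first bad index, -1 for M_MISS. */
int model_aclcheck(const struct ent *a, int n, int *which)
{
    int cnt[2][T_NTYPES] = {{0}};
    *which = -1;
    for (int i = 0; i < n; i++) {
        int t = a[i].type, d = a[i].is_default != 0;
        if (t < 0 || t >= T_NTYPES) { *which = i; return M_ENTRY; }
        if (t == T_USER || t == T_GROUP) {          /* named entries: IDs unique */
            for (int j = 0; j < i; j++)
                if (a[j].type == t && (a[j].is_default != 0) == d && a[j].id == a[i].id) {
                    *which = i; return M_DUP;
                }
        } else if (cnt[d][t]) { *which = i; return twice[t]; }
        cnt[d][t]++;
    }
    for (int d = 0; d < 2; d++) {                   /* d=0 access set, d=1 default set */
        int any = 0;
        for (int t = 0; t < T_NTYPES; t++) any += cnt[d][t];
        if (d == 1 && !any) continue;               /* default entries are optional */
        if (!cnt[d][T_USER_OBJ] || !cnt[d][T_GROUP_OBJ] || !cnt[d][T_OTHER_OBJ]) return M_MISS;
        if ((cnt[d][T_USER] || cnt[d][T_GROUP]) && !cnt[d][T_CLASS_OBJ]) return M_MISS;
    }
    return M_OK;
}

/* Constructed sample ACLs (uid 1001 is made up). */
const struct ent acl_ok[]      = {{T_USER_OBJ,0,0,6},{T_USER,0,1001,4},{T_GROUP_OBJ,0,0,4},{T_CLASS_OBJ,0,0,4},{T_OTHER_OBJ,0,0,0}};
const struct ent acl_nomask[]  = {{T_USER_OBJ,0,0,6},{T_USER,0,1001,4},{T_GROUP_OBJ,0,0,4},{T_OTHER_OBJ,0,0,0}};
const struct ent acl_dupuser[] = {{T_USER_OBJ,0,0,6},{T_USER,0,1001,4},{T_USER,0,1001,6},{T_GROUP_OBJ,0,0,4},{T_CLASS_OBJ,0,0,6},{T_OTHER_OBJ,0,0,0}};
const struct ent acl_halfdef[] = {{T_USER_OBJ,0,0,6},{T_GROUP_OBJ,0,0,4},{T_OTHER_OBJ,0,0,0},{T_USER_OBJ,1,0,6}};
int which_out;                                      /* offending index from the last call */

int main(void)
{
    int rc = model_aclcheck(acl_dupuser, 6, &which_out);
    printf("dup user: rc=%d which=%d\n", rc, which_out);
    rc = model_aclcheck(acl_nomask, 4, &which_out);
    printf("no mask:  rc=%d which=%d\n", rc, which_out);
    return 0;
}
```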

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +--------------------+-----------------+
       |  ATTRIBUTE TYPE    | ATTRIBUTE VALUE |
       +--------------------+-----------------+
       |Interface Stability | Evolving        |
       +--------------------+-----------------+
       |MT-Level            | Unsafe          |
       +--------------------+-----------------+

SEE ALSO
       acl(2), aclsort(3SEC), attributes(5)

                               December 10, 2001                ACLCHECK(3SEC)