1 ACLCHECK(3SEC) File Access Control Library Functions ACLCHECK(3SEC) 2 3 4 5 NAME 6 aclcheck - check the validity of an ACL 7 8 SYNOPSIS 9 cc [ flag... ] file... -lsec [ library... ] 10 #include <sys/acl.h> 11 12 int aclcheck(aclent_t *aclbufp, int nentries, int *which); 13 14 15 DESCRIPTION 16 The aclcheck() function checks the validity of an ACL pointed to by 17 aclbufp. The nentries argument is the number of entries contained in 18 the buffer. The which parameter returns the index of the first entry 19 that is invalid. 20 21 22 The function verifies that an ACL pointed to by aclbufp is valid 23 according to the following rules: 24 25 o There must be exactly one GROUP_OBJ ACL entry. 26 27 o There must be exactly one USER_OBJ ACL entry. 28 29 o There must be exactly one OTHER_OBJ ACL entry. 30 31 o If there are any GROUP ACL entries, then the group ID in 32 each group ACL entry must be unique. 33 34 o If there are any USER ACL entries, then the user ID in each 35 user ACL entry must be unique. 36 37 o If there are any GROUP or USER ACL entries, then there must 38 be exactly one CLASS_OBJ (ACL mask) entry. 39 40 o If there are any default ACL entries, then the following 41 apply: 42 43 o There must be exactly one default GROUP_OBJ ACL entry. 44 45 o There must be exactly one default OTHER_OBJ ACL entry. 46 47 o There must be exactly one default USER_OBJ ACL entry. 48 49 o If there are any DEF_GROUP entries, then the group ID in 50 each DEF_GROUP ACL entry must be unique. 51 52 o If there are any DEF_USER entries, then the user ID in 53 each DEF_USER ACL entry must be unique. 54 55 o If there are any DEF_GROUP or DEF_USER entries, then 56 there must be exactly one DEF_CLASS_OBJ (default ACL 57 mask) entry. 58 59 o If any of the above rules are violated, then the function 60 fails with errno set to EINVAL. 61 62 RETURN VALUES 63 If the ACL is valid, aclcheck() will return 0. Otherwise errno is set 64 to EINVAL and aclcheck() will return one of the following: 65 66 GRP_ERROR 67 There is more than one GROUP_OBJ or DEF_GROUP_OBJ 68 ACL entry. 69 70 71 USER_ERROR 72 There is more than one USER_OBJ or DEF_USER_OBJ ACL 73 entry. 74 75 76 CLASS_ERROR 77 There is more than one CLASS_OBJ (ACL mask) or 78 DEF_CLASS_OBJ (default ACL mask) entry. 79 80 81 OTHER_ERROR 82 There is more than one OTHER_OBJ or DEF_OTHER_OBJ 83 ACL entry. 84 85 86 DUPLICATE_ERROR 87 Duplicate entries of USER, GROUP, DEF_USER, or 88 DEF_GROUP. 89 90 91 ENTRY_ERROR 92 The entry type is invalid. 93 94 95 MISS_ERROR 96 Missing an entry. The which parameter returns -1 in 97 this case. 98 99 100 MEM_ERROR 101 The system cannot allocate any memory. The which 102 parameter returns -1 in this case. 103 104 105 ATTRIBUTES 106 See attributes(5) for descriptions of the following attributes: 107 108 109 110 111 +--------------------+-----------------+ 112 | ATTRIBUTE TYPE | ATTRIBUTE VALUE | 113 +--------------------+-----------------+ 114 |Interface Stability | Evolving | 115 +--------------------+-----------------+ 116 |MT-Level | Unsafe | 117 +--------------------+-----------------+ 118 119 SEE ALSO 120 acl(2), aclsort(3SEC), attributes(5) 121 122 123 124 December 10, 2001 ACLCHECK(3SEC)