12288 getfacl and setfacl could stand improvement
--- old/usr/src/man/man3sec/acl_totext.3sec.man.txt
+++ new/usr/src/man/man3sec/acl_totext.3sec.man.txt
1 1 ACL_TOTEXT(3SEC) File Access Control Library Functions ACL_TOTEXT(3SEC)
2 2
3 3
4 4
5 5 NAME
6 6 acl_totext, acl_fromtext - convert internal representation to or from
7 7 external representation
8 8
9 9 SYNOPSIS
10 10 cc [ flag... ] file... -lsec [ library... ]
11 11 #include <sys/acl.h>
12 12
13 13 char *acl_totext(acl_t *aclp, int flags);
14 14
15 15
16 16 int acl_fromtext(char *acltextp, acl_t **aclp);
17 17
18 18
19 19 DESCRIPTION
20 20 The acl_totext() function converts an internal ACL representation
21 21 pointed to by aclp into an external ACL representation. The memory for
22 22 the external text string is obtained using malloc(3C). The caller is
23 23 responsible for freeing the memory upon completion.
24 24
25 25
26 26 The format of the external ACL is controlled by the flags argument.
27 27 Values for flags are constructed by a bitwise-inclusive-OR of flags
28 28 from the following list, defined in <sys/acl.h>.
29 29
30 30 ACL_COMPACT_FMT
31 31 For NFSv4 ACLs, the ACL entries will be formatted
32 32 using the compact ACL format detailed in ls(1) for
33 33 the -V option.
34 34
35 35
36 36 ACL_APPEND_ID
37 37 Append the uid or gid for additional user or group
38 - entries. This flag is used to construt ACL entries
38 + entries. This flag is used to construct ACL entries
39 39 in a manner that is suitable for archive utilities
40 40 such as tar(1). When the ACL is translated from the
41 41 external format to internal representation using
42 42 acl_fromtext(), the appended ID will be used to
43 43 populate the uid or gid field of the ACL entry when
44 44 the user or group name does not exist on the host
45 45 system. The appended id will be ignored when the
46 46 user or group name does exist on the system.
47 47
48 48
49 49 ACL_SID_FMT
50 50 For NFSv4 ACLs, the ACL entries for user or group
51 51 entries will use the usersid or groupsid format when
52 52 the "id" field in the ACL entry is an ephemeral uid
53 53 or gid. The raw sid format will only be used when
54 54 the "id" cannot be resolved to a windows name.
55 55
56 56
57 57
58 58 The acl_fromtext() function converts an external ACL representation
59 59 pointed to by acltextp into an internal ACL representation. The memory
60 60 for the list of ACL entries is obtained using malloc(3C). The caller is
61 61 responsible for freeing the memory upon completion. Depending on type
62 62 of ACLs a file system supports, one of two external external
63 63 representations are possible. For POSIX draft file systems such as ufs,
64 64 the external representation is described in acltotext(3SEC). The
65 65 external ACL representation For NFSv4-style ACLs is detailed as
66 66 follows.
67 67
68 68
69 69 Each acl_entry contains one ACL entry. The external representation of
70 70 an ACL entry contains three, four or five colon separated fields. The
71 71 first field contains the ACL entry type. The entry type keywords are
72 72 defined as:
73 73
74 74 everyone@
75 75 This ACL entry specifies the access granted to any user or
76 76 group that does not match any previous ACL entry.
77 77
78 78
79 79 group
80 80 This ACL entry with a GID specifies the access granted to
81 81 a additional group of the object.
82 82
83 83
84 84 group@
85 85 This ACL entry with no GID specified in the ACL entry
86 86 field specifies the access granted to the owning group of
87 87 the object.
88 88
89 89
90 90 groupsid
91 91 This ACL entry with a SID or Windows name specifies the
92 92 access granted to a Windows group. This type of entry is
93 93 for a CIFS server created file.
94 94
95 95
96 96 owner@
97 97 This ACL entry with no UID specified in the ACL entry
98 98 field specifies the access granted to the owner of the
99 99 object.
100 100
101 101
102 102 sid
103 103 This ACL entry with a SID or Windows name when the entry
104 104 could be either a group or a user.
105 105
106 106
107 107 user
108 108 This ACL entry with a UID specifies the access granted to
109 109 a additional user of the object.
110 110
111 111
112 112 usersid
113 113 This ACL entry with a SID or Windows name specifies the
114 114 access granted to a Windows user. This type of entry is
115 115 for a CIFS server created file.
116 116
117 117
118 118
119 119 The second field contains the ACL entry ID, and is used only for user
120 120 or group ACL entries. This field is not used for owner@, group@, or
121 121 everyone@ entries.
122 122
123 123 uid
124 124 This field contains a user-name or user-ID. If the user-name
125 125 cannot be resolved to a UID, then the entry is assumed to be a
126 126 numeric UID.
127 127
128 128
129 129 gid
130 130 This field contains a group-name or group-ID. If the group-name
131 131 can't be resolved to a GID, then the entry is assumed to be a
132 132 numeric GID.
133 133
134 134
135 135
136 136 The third field contains the discretionary access permissions. The
137 137 format of the permissions depends on whether ACL_COMPACT_FMT is
138 138 specified. When the flags field does not request ACL_COMPACT_FMT, the
139 139 following format is used with a forward slash (/) separating the
140 140 permissions.
141 141
142 142 add_file
143 143 Add a file to a directory.
144 144
145 145
146 146 add_subdirectory
147 147 Add a subdirectory.
148 148
149 149
150 150 append
151 151 Append data.
152 152
153 153
154 154 delete
155 155 Delete.
156 156
157 157
158 158 delete_child
159 159 Delete child.
160 160
161 161
162 162 execute
163 163 Execute permission.
164 164
165 165
166 166 list_directory
167 167 List a directory.
168 168
169 169
170 170 read_acl
171 171 Read ACL.
172 172
173 173
174 174 read_data
175 175 Read permission.
176 176
177 177
178 178 read_attributes
179 179 Read attributes.
180 180
181 181
182 182 read_xattr
183 183 Read named attributes.
184 184
185 185
186 186 synchronize
187 187 Synchronize.
188 188
189 189
190 190 write_acl
191 191 Write ACL.
192 192
193 193
194 194 write_attributes
195 195 Write attributes.
196 196
197 197
198 198 write_data
199 199 Write permission.
200 200
201 201
202 202 write_owner
203 203 Write owner.
204 204
205 205
206 206 write_xattr
207 207 Write named attributes.
208 208
209 209
210 210
211 211 This format allows permissions to be specified as, for example:
212 212 read_data/read_xattr/read_attributes.
213 213
214 214
215 215 When ACL_COMPACT_FMT is specified, the permissions consist of 14 unique
216 216 letters. A hyphen (-) character is used to indicate that the
217 217 permission at that position is not specified.
218 218
219 219 a
220 220 read attributes
221 221
222 222
223 223 A
224 224 write attributes
225 225
226 226
227 227 c
228 228 read ACL
229 229
230 230
231 231 C
232 232 write ACL
233 233
234 234
235 235 d
236 236 delete
237 237
238 238
239 239 D
240 240 delete child
241 241
242 242
243 243 o
244 244 write owner
245 245
246 246
247 247 p
248 248 append
249 249
250 250
251 251 r
252 252 read_data
253 253
254 254
255 255 R
256 256 read named attributes
257 257
258 258
259 259 s
260 260 synchronize
261 261
262 262
263 263 w
264 264 write_data
265 265
266 266
267 267 W
268 268 write named attributes
269 269
270 270
271 271 x
272 272 execute
273 273
274 274
275 275
276 276 This format allows compact permissions to be represented as, for
277 277 example: rw--d-a-------
278 278
279 279
280 280 The fourth field is optional when ACL_COMPACT_FMT is not specified, in
281 281 which case the field will be present only when the ACL entry has
282 282 inheritance flags set. The following is the list of inheritance flags
283 283 separated by a slash (/) character.
284 284
285 285 dir_inherit
286 286 ACE_DIRECTORY_INHERIT_ACE
287 287
288 288
289 289 file_inherit
290 290 ACE_FILE_INHERIT_ACE
291 291
292 292
293 293 inherit_only
294 294 ACE_INHERIT_ONLY_ACE
295 295
296 296
297 297 no_propagate
298 298 ACE_NO_PROPAGATE_INHERIT_ACE
299 299
300 300
301 301
302 302 When ACL_COMPACT_FMT is specified the inheritance will always be
303 303 present and is represented as positional arguments. A hyphen (-)
304 304 character is used to indicate that the inheritance flag at that
305 305 position is not specified.
306 306
307 307 d
308 308 dir_inherit
309 309
310 310
311 311 f
312 312 file_inherit
313 313
314 314
315 315 F
316 316 failed access (not currently supported)
317 317
318 318
319 319 i
320 320 inherit_only
321 321
322 322
323 323 n
324 324 no_propagate
325 325
326 326
327 327 S
328 328 successful access (not currently supported)
329 329
330 330
331 331
332 332 The fifth field contains the type of the ACE (allow or deny):
333 333
334 334 allow
335 335 The mask specified in field three should be allowed.
336 336
337 337
338 338 deny
339 339 The mask specified in field three should be denied.
340 340
341 341
342 342 RETURN VALUES
343 343 Upon successful completion, the acl_totext() function returns a pointer
344 344 to a text string. Otherwise, it returns NULL.
345 345
346 346
347 347 Upon successful completion, the acl_fromtext() function returns 0.
348 348 Otherwise, the return value is set to one of the following:
349 349
350 350 EACL_FIELD_NOT_BLANK
351 351 A field that should be blank is not blank.
352 352
353 353
354 354 EACL_FLAGS_ERROR
355 355 An invalid ACL flag was specified.
356 356
357 357
358 358 EACL_INHERIT_ERROR
359 359 An invalid inheritance field was specified.
360 360
361 361
362 362 EACL_INVALID_ACCESS_TYPE
363 363 An invalid access type was specified.
364 364
365 365
366 366 EACL_INVALID_STR
367 367 The string is NULL.
368 368
369 369
370 370 EACL_INVALID_USER_GROUP
371 371 The required user or group name not found.
372 372
373 373
374 374 EACL_MISSING_FIELDS
375 375 The ACL needs more fields to be specified.
376 376
377 377
378 378 EACL_PERM_MASK_ERROR
379 379 The permission mask is invalid.
380 380
381 381
382 382 EACL_UNKNOWN_DATA
383 383 Unknown data was found in the ACL.
384 384
385 385
386 386 EXAMPLES
387 387 Example 1 Examples of permissions when ACL_COMPACT_FMT is not
388 388 specified.
389 389
390 390 user:joe:read_data/write_data:file_inherit/dir_inherit:allow
391 391
392 392
393 393
394 394 owner@:read_acl:allow,user:tom:read_data:file_inherit/inherit_only:deny
395 395
396 396
397 397
398 398 Example 2 Examples of permissions when ACL_COMPACT_FMT is specified.
399 399
400 400 user:joe:rw------------:fd----:allow
401 401
402 402
403 403
404 404 owner@:----------c---:------allow,user:tom:r-------------:f-i---:deny
405 405
406 406
407 407
408 408 ATTRIBUTES
409 409 See attributes(5) for descriptions of the following attributes:
410 410
411 411
412 412
413 413
414 414 +--------------------+-----------------+
415 415 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
416 416 +--------------------+-----------------+
417 417 |Interface Stability | Committed |
418 418 +--------------------+-----------------+
419 419 |MT-Level | Safe |
420 420 +--------------------+-----------------+
421 421
422 422 SEE ALSO
423 423 ls(1), tar(1), acl(2), malloc(3C), aclfromtext(3SEC), acl(5),
424 424 attributes(5)
425 425
426 426
427 427
428 428 June 16, 2008 ACL_TOTEXT(3SEC)
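Review bot: The "construt" to "construct" fix at new line 38 is correct, but the same page carries several other visible defects of the same kind that this change (filed as "getfacl and setfacl could stand improvement") should pick up in one pass rather than leaving for a later typo-only commit. In DESCRIPTION, line 62 doubles a word ("one of two external external representations"), line 65 capitalizes mid-sentence ("The external ACL representation For NFSv4-style ACLs"), lines 81 and 109 read "a additional group"/"a additional user" (should be "an additional"), and line 54 writes "windows name" where every other occurrence uses "Windows". In RETURN VALUES, line 371 ("The required user or group name not found.") is missing a verb ("was not found"). More importantly for anyone copying the examples, the second compact-format example at line 404 drops the colon between the inheritance field and the ACE type: `owner@:----------c---:------allow,user:tom:r-------------:f-i---:deny` should read `owner@:----------c---:------:allow,user:tom:r-------------:f-i---:deny`, matching the `user:joe:rw------------:fd----:allow` form on line 400 and the five-field layout the text itself defines; as written, acl_fromtext() would treat `------allow` as a single malformed inheritance field. Suggest fixing all of these in this revision and re-checking that each compact example still has 14 permission characters and 6 inheritance characters after the edit.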