12288 getfacl and setfacl could stand improvement

@@ -6,12 +6,11 @@
        acl - Access Control Lists
 
 DESCRIPTION
        Access control lists (ACLs) are discretionary access control mechanisms
        that grant and deny access to files and directories. Two different ACL
-       models are supported in the Solaris release: POSIX-draft ACLs and NFSv4
-       ACLs.
+       models are supported in this release: POSIX-draft ACLs and NFSv4 ACLs.
 
 
        The older, POSIX-draft model is supported by the UFS file system. This
        model is based on a withdrawn ACL POSIX specification that was never
        standardized. It was subsequently withdrawn by the POSIX committee.
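
Review bot: The unchanged context directly below the reworded sentence states the withdrawal twice: "based on a withdrawn ACL POSIX specification that was never standardized. It was subsequently withdrawn by the POSIX committee." Since this pass is a wording cleanup, consider folding the two sentences into one, for example "This model is based on a POSIX ACL draft that was never standardized and was subsequently withdrawn by the POSIX committee."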

@@ -23,22 +22,22 @@
        semantics and finer grained permission capabilities than the POSIX-
        draft model.
 
    POSIX-draft ACLs
        POSIX-draft ACLs provide an alternative security mechanism to basic
-       UNIX file permissions in the Solaris release. Their purpose is to
-       further restrict access to files and directories or to extend
-       permissions to a particular user. ACLs can be used to change the
-       permissions for the standard owner, group and other class bits of a
-       file's mode. ACLs can give additional users and groups access to the
-       file. A directory can also have a special kind of ACL called a default
-       ACL, which defines ACL entries to be inherited by descendents of the
-       directory. POSIX-draft ACLs have an ACL entry called mask. The mask
-       defines the maximum permissions that can be granted to additional user
-       and group entries. Whenever a file is created or its mode is changed by
-       chmod(1) or chmod(2), the mask is recomputed. It is recomputed to be
-       the group permission defined in the mode passed to chmod(2).
+       UNIX file permissions. Their purpose is to further restrict access to
+       files and directories or to extend permissions to a particular user.
+       ACLs can be used to change the permissions for the standard owner,
+       group and other class bits of a file's mode. ACLs can give additional
+       users and groups access to the file. A directory can also have a
+       special kind of ACL called a default ACL, which defines ACL entries to
+       be inherited by descendents of the directory. POSIX-draft ACLs have an
+       ACL entry called mask. The mask defines the maximum permissions that
+       can be granted to additional user and group entries. Whenever a file is
+       created or its mode is changed by chmod(1) or chmod(2), the mask is
+       recomputed. It is recomputed to be the group permission defined in the
+       mode passed to chmod(2).
 
 
        The POSIX-draft ACL model uses the standard rwx model of traditional
        UNIX permissions.
 

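Review bot: The reflowed mask description (last three added lines) says the mask is recomputed "Whenever a file is created or its mode is changed", but then defines the new value only as "the group permission defined in the mode passed to chmod(2)", which leaves the file-creation case unspecified. Because the mask caps what additional user and group entries can be granted, it is worth stating which mode supplies the value at creation. The rewrap also carries over "descendents"; "descendants" is the usual spelling.
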
@@ -76,11 +75,11 @@
          user:joe:rw-
 
 
 
    NFSv4 ACLs
-       NFSv4 ACL model is based loosely on the Windows NT ACL model. NFSv4
+       The NFSv4 ACL model is based loosely on the Windows NT ACL model. NFSv4
        ACLs provide a much richer ACL model than POSIX-draft ACLs.
 
 
        The major differences between NFSv4 and POSIX-draft ACLs are as
        follows:

@@ -101,11 +100,11 @@
                       inheritance is applied to the directory itself, to just
                       one level of subdirectories, or cascades to all
                       subdirectories of the directory.
 
            o      NFSv4 ACLs provide a mechanism for hooking into a system's
-                  audit trail.  Currently, Solaris does not support this
+                  audit trail.  Currently, illumos does not support this
                   mechanism.
 
            o      NFSv4 ACLs enable administrators to specify the order in
                   which ACL entries are checked. With POSIX-draft ACLs the
                   file system reorders ACL entries into a well defined, strict
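
Review bot: The audit-trail bullet replaces "Solaris" with "illumos", while the other hunks in this change drop the product name entirely ("in this release", "Several utilities support"). Pick one convention for the page; "Currently, this mechanism is not supported." would match the neutral wording used elsewhere. The double space after "audit trail." and the unhyphenated "well defined, strict" in the following bullet could be tidied in the same pass.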

@@ -340,13 +339,13 @@
          user:fred:rwR:f:allow
          user:fred:rwR:f------:allow
 
 
 
-   Shell-level Solaris API
-       The Solaris command interface supports the manipulation of ACLs. The
-       following Solaris utilities accommodate both ACL models:
+   Shell-level API
+       Several utilities support the manipulation of ACLs. The following
+       utilities accommodate both ACL models:
 
        chmod
                    The chmod utility has been enhanced to allow for the
                    setting and deleting of ACLs. This is achieved by extending
                    the symbolic-mode argument to support ACL manipulation. See

@@ -407,32 +406,32 @@
 
 
    Application-level API
        The primary interfaces required to access file system ACLs at the
        programmatic level are the acl_get() and acl_set() functions. These
-       functions support both POSIX draft ACLs and NFSv4 ACLs.
+       functions support both POSIX-draft ACLs and NFSv4 ACLs.
 
    Retrieving a file's ACL
          int acl_get(const char *path, int flag, acl_t **aclp);
          int facl_get(int fd, int flag, acl_t **aclp);
 
 
 
-       The acl_get(3SEC) and facl_get(3SEC) functions retrieves an ACL on a
+       The acl_get(3SEC) and facl_get(3SEC) functions retrieve an ACL on a
        file whose name is given by path or referenced by the open file
        descriptor fd. The flag argument specifies whether a trivial ACL should
-       be retrieved. When the flag argument equals ACL_NO_TRIVIAL then only
-       ACLs that are not trivial are retrieved. The ACL is returned in the
-       aclp argument.
+       be retrieved. When the flag argument equals ACL_NO_TRIVIAL only ACLs
+       that are not trivial are retrieved. The ACL is returned in the aclp
+       argument.
 
    Freeing ACL structure
-         void acl_free(acl_t *aclp)s;
+         void acl_free(acl_t *aclp);
 
 
 
        The acl_free() function frees up memory allocated for the argument
-       aclp;.
+       aclp.
 
    Setting an ACL on a file
          int acl_set(const char *path, acl_t *aclp);
          int facl_set(int fd, acl_t *aclp);
 

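Review bot: In the acl_get()/facl_get() paragraph, the text says that with ACL_NO_TRIVIAL "only ACLs that are not trivial are retrieved" and that "The ACL is returned in the aclp argument", but it does not say what *aclp holds or what the function returns when the file's ACL is trivial. Callers need that to know whether acl_free() must be called, so it should be documented here or by pointing at acl_get(3SEC). Separately, removing "then" leaves "equals ACL_NO_TRIVIAL only ACLs" without a comma after the flag name, and the acl_free() paragraph could say the function frees the structure pointed to by aclp rather than memory "allocated for the argument".
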
@@ -439,14 +438,14 @@
 
 
        The acl_set(3SEC) and facl_get(3SEC) functions are used for setting an
        ACL on a file whose name is given by path or referenced by the open
        file descriptor fd. The aclp argument specifies the ACL to set. The
-       acl_set(3SEC) translates an POSIX-draft ACL into a NFSv4 ACL when the
-       target file systems supports NFSv4 ACLs. No translation is performed
-       when trying to set an NFSv4 ACL on a POSIX-draft ACL supported file
-       system.
+       acl_set(3SEC) function translates a POSIX-draft ACL into a NFSv4 ACL
+       when the target file system supports NFSv4 ACLs. No translation is
+       performed when trying to set an NFSv4 ACL on a POSIX-draft ACL
+       supported file system.
 
    Determining an ACL's trivialness
          int acl_trivial(const char *path);
 
 

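Review bot: The first context line of this paragraph still reads "The acl_set(3SEC) and facl_get(3SEC) functions are used for setting an ACL"; the second name should be facl_set(3SEC), matching the prototype shown under "Setting an ACL on a file". Since the paragraph is being rewritten anyway, fix it in this change. The new text also says "into a NFSv4 ACL" while the next sentence uses "an NFSv4 ACL"; use "an" in both. "POSIX-draft ACL supported file system" would read better as "a file system that supports only POSIX-draft ACLs".
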
@@ -473,12 +472,12 @@
        The acl_totext() function converts an internal ACL representation
        pointed to by aclp into an external representation. See DESCRIPTION for
        details about external representation.
 
 
-       The acl_fromtext() functions converts and external representation into
-       an internal representation. See DESCRIPTION for details about external
+       The acl_fromtext() function converts an external representation into an
+       internal representation. See DESCRIPTION for details about external
        representation.
 
 EXAMPLES
        The following examples demonstrate how the API can be used to perform
        basic operations on ACLs.
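
Review bot: After the grammar fix, the acl_totext() and acl_fromtext() paragraphs each end with the same sentence, "See DESCRIPTION for details about external representation." One pointer after the second paragraph would cover both. These two functions are also named without a section suffix, while acl_get(3SEC) and acl_set(3SEC) carry one in the running text above; using one form throughout would be more consistent.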

@@ -546,6 +545,6 @@
        aclsort(3SEC), acl_fromtext(3SEC), acl_free(3SEC), acl_strip(3SEC),
        acl_trivial(3SEC)
 
 
 
-                               November 24, 2014                        ACL(5)
+                               February 8, 2020                         ACL(5)