ACL (9) | Kernel routines | Unix Manual Pages

Alphabetical Categories About us

ACL (9) | Kernel routines | Unix Manual Pages | :man▋

Currently, each ACL is represented in-kernel by a fixed-size
.Vt acl structure, defined as follows:
struct acl {
int acl_cnt;
struct acl_entry acl_entry[ACL_MAX_ENTRIES];
};

An ACL is constructed from a fixed size array of ACL entries, each of which consists of a set of permissions, principal namespace, and principal identifier.

Each individual ACL entry is of the type
.Vt acl_entry_t , which is a structure with the following members:

Vt acl_tag_t ae_tag
	The following is a list of definitions of ACL types to be set in ae_tag:

`ACL_UNDEFINED_FIELD`	Undefined ACL type.
`ACL_USER_OBJ`	Discretionary access rights for processes whose effective user ID matches the user ID of the file’s owner.
`ACL_USER`	Discretionary access rights for processes whose effective user ID matches the ACL entry qualifier.
`ACL_GROUP_OBJ`	Discretionary access rights for processes whose effective group ID or any supplemental groups match the group ID of the file’s owner.
`ACL_GROUP`	Discretionary access rights for processes whose effective group ID or any supplemental groups match the ACL entry qualifier.
`ACL_MASK`	The maximum discretionary access rights that can be granted to a process in the file group class.
`ACL_OTHER`	Discretionary access rights for processes not covered by any other ACL entry.
`ACL_OTHER_OBJ`	Same as `ACL_OTHER`. Each ACL entry must contain exactly one `ACL_USER_OBJ`, one `ACL_GROUP_OBJ`, and one `ACL_OTHER`. If any of `ACL_USER`, `ACL_GROUP`, or `ACL_OTHER` are present, then exactly one `ACL_MASK` entry should be present.

Vt uid_t ae_id	The ID of user for whom this ACL describes access permissions.
Vt acl_perm_t ae_perm	This field defines what kind of access the process matching this ACL has for accessing the associated file.

`ACL_EXECUTE`	The process may execute the associated file.
`ACL_WRITE`	The process may write to the associated file.
`ACL_READ`	The process may read from the associated file.
`ACL_PERM_NONE`	The process has no read, write or execute permissions to the associated file.

IMPLEMENTATION NOTES

typedef mode_t *acl_permset_t;

/* internal ACL structure */
struct acl {
int acl_cnt;
struct acl_entry acl_entry[ACL_MAX_ENTRIES];
};

/* external ACL structure */
struct acl_t_struct {
struct acl ats_acl;
int ats_cur_entry;
};
typedef struct acl_t_struct *acl_t;

/*
* Possible valid values for ae_tag field.
*/
#define ACL_UNDEFINED_TAG 0x00000000
#define ACL_USER_OBJ 0x00000001
#define ACL_USER 0x00000002
#define ACL_GROUP_OBJ 0x00000004
#define ACL_GROUP0x00000008
#define ACL_MASK 0x00000010
#define ACL_OTHER0x00000020
#define ACL_OTHER_OBJ ACL_OTHER

/*
* Possible valid values for acl_type_t arguments.
*/
#define ACL_TYPE_ACCESS 0x00000000
#define ACL_TYPE_DEFAULT 0x00000001
#define ACL_TYPE_AFS 0x00000002
#define ACL_TYPE_CODA 0x00000003
#define ACL_TYPE_NTFS 0x00000004
#define ACL_TYPE_NWFS 0x00000005

/*
* Possible flags in ae_perm field.
*/
#define ACL_EXECUTE 0x0001
#define ACL_WRITE0x0002
#define ACL_READ 0x0004
#define ACL_PERM_NONE 0x0000
#define ACL_PERM_BITS (ACL_EXECUTE | ACL_WRITE | ACL_READ)
#define ACL_POSIX1E_BITS (ACL_EXECUTE | ACL_WRITE | ACL_READ)

/*
* Possible entry_id values for acl_get_entry()
*/
#define ACL_FIRST_ENTRY 0
#define ACL_NEXT_ENTRY1

/*
* Undefined value in ae_id field
*/
#define ACL_UNDEFINED_ID ((uid_t)-1)

AUTHORS

Created by Blin Media, 2008-2013

NAME

CONTENTS

SYNOPSIS

DESCRIPTION

IMPLEMENTATION NOTES

SEE ALSO

AUTHORS