man ACL (9) | Kernel routines | Unix Manual Pages

News Categories Alphabetical Search About us

man ACL (9) | Kernel routines | Unix Manual Pages | :man▋

Currently, each ACL is represented in-kernel by a fixed-size
.Vt acl structure, defined as follows:
struct acl {
int acl_cnt;
struct acl_entry acl_entry[ACL_MAX_ENTRIES];
};

An ACL is constructed from a fixed size array of ACL entries, each of which consists of a set of permissions, principal namespace, and principal identifier.

Each individual ACL entry is of the type
.Vt acl_entry_t , which is a structure with the following members:

Vt acl_tag_t ae_tag
The following is a list of definitions of ACL types to be set in ae_tag:

ACL_UNDEFINED_FIELD Undefined ACL type.

ACL_USER_OBJ Discretionary access rights for processes whose effective user ID matches the user ID of the file’s owner.

ACL_USER Discretionary access rights for processes whose effective user ID matches the ACL entry qualifier.

ACL_GROUP_OBJ Discretionary access rights for processes whose effective group ID or any supplemental groups match the group ID of the file’s owner.

ACL_GROUP Discretionary access rights for processes whose effective group ID or any supplemental groups match the ACL entry qualifier.

ACL_MASK The maximum discretionary access rights that can be granted to a process in the file group class.

ACL_OTHER Discretionary access rights for processes not covered by any other ACL entry.

ACL_OTHER_OBJ Same as ACL_OTHER. Each ACL entry must contain exactly one ACL_USER_OBJ, one ACL_GROUP_OBJ, and one ACL_OTHER. If any of ACL_USER, ACL_GROUP, or ACL_OTHER are present, then exactly one ACL_MASK entry should be present.

Vt uid_t ae_id The ID of user for whom this ACL describes access permissions.

Vt acl_perm_t ae_perm This field defines what kind of access the process matching this ACL has for accessing the associated file.

ACL_EXECUTE The process may execute the associated file.

ACL_WRITE The process may write to the associated file.

ACL_READ The process may read from the associated file.

ACL_PERM_NONE The process has no read, write or execute permissions to the associated file.

IMPLEMENTATION NOTES

typedef mode_t *acl_permset_t;

/* internal ACL structure */
struct acl {
int acl_cnt;
struct acl_entry acl_entry[ACL_MAX_ENTRIES];
};

/* external ACL structure */
struct acl_t_struct {
struct acl ats_acl;
int ats_cur_entry;
};
typedef struct acl_t_struct *acl_t;

/*
* Possible valid values for ae_tag field.
*/
#define ACL_UNDEFINED_TAG 0x00000000
#define ACL_USER_OBJ 0x00000001
#define ACL_USER 0x00000002
#define ACL_GROUP_OBJ 0x00000004
#define ACL_GROUP0x00000008
#define ACL_MASK 0x00000010
#define ACL_OTHER0x00000020
#define ACL_OTHER_OBJ ACL_OTHER

/*
* Possible valid values for acl_type_t arguments.
*/
#define ACL_TYPE_ACCESS 0x00000000
#define ACL_TYPE_DEFAULT 0x00000001
#define ACL_TYPE_AFS 0x00000002
#define ACL_TYPE_CODA 0x00000003
#define ACL_TYPE_NTFS 0x00000004
#define ACL_TYPE_NWFS 0x00000005

/*
* Possible flags in ae_perm field.
*/
#define ACL_EXECUTE 0x0001
#define ACL_WRITE0x0002
#define ACL_READ 0x0004
#define ACL_PERM_NONE 0x0000
#define ACL_PERM_BITS (ACL_EXECUTE | ACL_WRITE | ACL_READ)
#define ACL_POSIX1E_BITS (ACL_EXECUTE | ACL_WRITE | ACL_READ)

/*
* Possible entry_id values for acl_get_entry()
*/
#define ACL_FIRST_ENTRY 0
#define ACL_NEXT_ENTRY1

/*
* Undefined value in ae_id field
*/
#define ACL_UNDEFINED_ID ((uid_t)-1)

AUTHORS

greatis just4fun network

NAME

CONTENTS

SYNOPSIS

DESCRIPTION

IMPLEMENTATION NOTES

SEE ALSO

AUTHORS