
File: [Development] / xfs-website.orig / manpages / acl.html

Revision 1.1, Thu Jan 25 19:55:30 2001 UTC (16 years, 8 months ago) by xfs
Branch: MAIN
CVS Tags: HEAD

Man pages update.

<html>
<head>
<meta name="Content-Style" content="text/css">
</head>
<body>
<a href="#NAME">NAME</a><br>
<a href="#SYNOPSIS">SYNOPSIS</a><br>
<a href="##include &lt;acl/acl.h&gt;">#include &lt;acl/acl.h&gt;</a><br>
<a href="#DESCRIPTION">DESCRIPTION</a><br>
<a href="#EXTERNAL REPRESENTATION">EXTERNAL REPRESENTATION</a><br>
<!-- Creator     : groff version 1.16.1  -->
<!-- CreationDate: Wed Jan 24 01:42:49 2001
 -->
<a name="NAME"></a><h2>NAME</h2><p style="margin-left: 18%"><font size=3>acl - Access Control Lists</font></p>
<a name="SYNOPSIS"></a><h2>SYNOPSIS</h2><a name="#include &lt;acl/acl.h&gt;"></a><p style="margin-left: 18%"><font size=3>#include &lt;acl/acl.h&gt;</font></p><a name="DESCRIPTION"></a><h2>DESCRIPTION</h2><p style="margin-left: 18%"><font size=3>This description is for Access Control Lists (ACLs) as supported on XFS file systems.</font></p>
<p style="margin-left: 18%"><font size=3>ACLs provide a mechanism for finer grained access control than the traditional UNIX discretionary access control mechanism. An ACL is a list of users and/or groups and their access rights, which is associated with a file or directory. ACLs are optional. In addition to the ACL used to mediate access, a directory may have a second ACL which defines the default initial ACL for files created in that directory. Files have only the single access control ACL.</font></p>
<p style="margin-left: 18%"><font size=3>At the interface to the library routines, ACLs are represented in a</font> <font size=3><I>struct acl</I></font> <font size=3>which is defined in</font> <font size=3><I>&lt;acl/acl.h&gt;</I></font><font size=3>.</font></p>
<pre style="margin-left: 18%">
#define ACL_MAX_ENTRIES 25

typedef ushort acl_perm_t;
typedef int acl_type_t;
typedef int acl_tag_t;

struct acl_entry {
    acl_tag_t ae_tag;
    uid_t ae_id;
    acl_perm_t ae_perm;
};
typedef struct acl_entry * acl_entry_t;

struct acl {
    int acl_cnt;
    struct acl_entry acl_entry[ACL_MAX_ENTRIES];
};
</pre>
<p style="margin-left: 18%"><font size=3>This is a fixed size structure with a variable number of active</font> <font size=3><I>struct acl_entry</I></font> <font size=3>entries. The maximum number of entries is</font> <font size=3><I>ACL_MAX_ENTRIES</I></font> <font size=3>which is currently defined to be 25. The number of active entries is indicated in</font> <font size=3><I>acl_cnt</I></font><font size=3>.</font></p>
<p style="margin-left: 18%"><font size=3>A</font> <font size=3><I>struct acl_entry</I></font> <font size=3>consists of three fields. The first,</font> <font size=3><I>ae_tag</I></font><font size=3>, identifies the type of the entry and is one of the following values (all other values are invalid):</font></p>
<table style="margin-left: 18%" width="80%" rules="none" frame="none" cols="2" cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td valign="top" align="left" width="32%"><font size=3><I>ACL_USER_OBJ</I></font> <font size=3>(0x01)</font></td>
<td valign="top" align="left" width="67%"><font size=3>access permissions for the file's owner.</font></td>
</tr>
<tr valign="top" align="left">
<td valign="top" align="left" width="32%"><font size=3><I>ACL_USER</I></font> <font size=3>(0x02)</font></td>
<td valign="top" align="left" width="67%"><font size=3>access permissions for a user other than the owner.</font></td>
</tr>
<tr valign="top" align="left">
<td valign="top" align="left" width="32%"><font size=3><I>ACL_GROUP_OBJ</I></font> <font size=3>(0x04)</font></td>
<td valign="top" align="left" width="67%"><font size=3>access permissions for users with the same group as the file's group</font></td>
</tr>
<tr valign="top" align="left">
<td valign="top" align="left" width="32%"><font size=3><I>ACL_GROUP</I></font> <font size=3>(0x08)</font></td>
<td valign="top" align="left" width="67%"><font size=3>access permissions for other groups</font></td>
</tr>
<tr valign="top" align="left">
<td valign="top" align="left" width="32%"><font size=3><I>ACL_MASK</I></font> <font size=3>(0x10)</font></td>
<td valign="top" align="left" width="67%"><font size=3>mask entry</font></td>
</tr>
<tr valign="top" align="left">
<td valign="top" align="left" width="32%"><font size=3><I>ACL_OTHER_OBJ</I></font> <font size=3>(0x20)</font></td>
<td valign="top" align="left" width="67%"><font size=3>other entry.</font></td>
</tr>
</table>
<p style="margin-left: 18%"><font size=3>The</font> <font size=3><I>ae_id</I></font> <font size=3>field of</font> <font size=3><I>struct acl_entry</I></font> <font size=3>specifies the UID or GID for the entry. The</font> <font size=3><I>ae_perm</I></font> <font size=3>field specifies the permissions using the following defined values:</font></p>
<table style="margin-left: 18%" width="80%" rules="none" frame="none" cols="2" cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td valign="top" align="left" width="32%"><font size=3><I>ACL_READ</I></font> <font size=3>(0x04)</font></td>
<td valign="top" align="left" width="67%"><font size=3>read access permitted</font></td>
</tr>
<tr valign="top" align="left">
<td valign="top" align="left" width="32%"><font size=3><I>ACL_WRITE</I></font> <font size=3>(0x02)</font></td>
<td valign="top" align="left" width="67%"><font size=3>write access permitted</font></td>
</tr>
<tr valign="top" align="left">
<td valign="top" align="left" width="32%"><font size=3><I>ACL_EXECUTE</I></font> <font size=3>(0x01)</font></td>
<td valign="top" align="left" width="67%"><font size=3>execute (search for directories) access permitted</font></td>
</tr>
</table>
<p style="margin-left: 18%"><font size=3>As with the basic permissions for a file, these may be or'ed together.</font></p>
<p style="margin-left: 18%"><font size=3>Two types of ACLs are defined.</font> <font size=3><I>ACL_TYPE_ACCESS</I></font> <font size=3>(0) indicates that the ACL is to be used in making access control decisions for the file or directory with which it is associated.</font> <font size=3><I>ACL_TYPE_DEFAULT</I></font> <font size=3>(1) indicates that the ACL is a default ACL. Default ACLs are associated only with directories, and supply the initial ACL for a file created in that directory. Note that file-creation mode masks may affect the ACLs of files created as a result of using directory default ACLs (see</font> <font size=3><I>umask</I></font><font size=3>(1)). ACLs are supplied using the</font> <font size=3><I>acl_get_file</I></font><font size=3>(3c) and</font> <font size=3><I>acl_set_file</I></font><font size=3>(3c) calls.</font></p>
<a name="EXTERNAL REPRESENTATION"></a><h2>EXTERNAL REPRESENTATION</h2><p style="margin-left: 18%"><font size=3>ACLs are represented in a standard format for human readable input / output. Each ACL entry is specified as three colon separated fields. ACL entries are separated by white space or new lines. Everything after a &quot;#&quot; character is considered a comment and is ignored to the end of the line. The first field of an ACL entry is the entry type, which can be one of the following: &quot;user&quot;, &quot;group&quot;, &quot;other&quot;, &quot;mask&quot;, &quot;u&quot;, &quot;g&quot;, &quot;o&quot;, &quot;m&quot;.</font></p>
<p style="margin-left: 18%"><font size=3>The second field is a user name, numeric UID, group name, or numeric GID, depending on the value of the first field. (</font><font size=3><I>acl_from_text</I></font><font size=3>(3c) supports only the strings, not the numeric UID/GID values.) If the second field is empty, it implies that the ACL entry is for the owning user or group of the file. Mask and other entries must have an empty second field. The third field is the discretionary access permissions for this ACL entry. This may be represented in two forms. The first is the string &quot;rwx&quot; where each letter may be replaced by a &quot;-&quot; indicating no access of that type. The parsing of this string by</font> <font size=3><I>acl_from_text</I></font><font size=3>(3c) requires that it be exactly as shown and not be reordered, e.g. rxw is not valid.</font></p>
<p style="margin-left: 18%"><font size=3>Some programs allow a second form, the relative symbolic form (used for input). The relative symbolic form is preceded by a &quot;+&quot; to indicate additional access or a &quot;^&quot; to indicate that access is to be removed, similarly to the inputs to the</font> <font size=3><I>chmod</I></font><font size=3>(1) command. The relative symbolic string is at least one character. The symbolic string contains at most one each of the following characters in any order: &quot;r&quot;, &quot;w&quot;, and &quot;x&quot;.</font><br>
</p>
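<p style="margin-left: 18%"><font size=3>The external representation rules above, as an added example that is not part of the original man page or the XFS library: a strict parser that fills the fixed-size struct acl and rejects reordered permission strings, mask/other entries with a qualifier, and input with more than ACL_MAX_ENTRIES entries. The names acl_parse_text and parse_entry are hypothetical; the example assumes numeric UID/GID qualifiers only (no name lookup), input shorter than 1024 bytes, and spells the page's tag values as an enum.</font></p>

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
/* Values and layout as given on the page (ushort spelled out, tags as an enum). */
#define ACL_MAX_ENTRIES 25
enum { ACL_USER_OBJ = 0x01, ACL_USER = 0x02, ACL_GROUP_OBJ = 0x04, ACL_GROUP = 0x08, ACL_MASK = 0x10, ACL_OTHER_OBJ = 0x20 };
typedef unsigned short acl_perm_t; typedef int acl_tag_t;
struct acl_entry { acl_tag_t ae_tag; uid_t ae_id; acl_perm_t ae_perm; };
struct acl { int acl_cnt; struct acl_entry acl_entry[ACL_MAX_ENTRIES]; };

/* Hypothetical helper: parse one "type:id:rwx" token in place; 0 if valid, -1 if not. */
static int parse_entry(char *tok, struct acl_entry *e) {
    char *q = strchr(tok, ':'), *p = q ? strchr(q + 1, ':') : NULL, *end;
    if (!p) return -1;                       /* fewer than three fields */
    *q++ = '\0'; *p++ = '\0';                /* q = qualifier, p = permissions */
    int named = *q != '\0';                  /* empty qualifier = owning user/group */
    if (!strcmp(tok, "user") || !strcmp(tok, "u")) e->ae_tag = named ? ACL_USER : ACL_USER_OBJ;
    else if (!strcmp(tok, "group") || !strcmp(tok, "g")) e->ae_tag = named ? ACL_GROUP : ACL_GROUP_OBJ;
    else if (!named && (!strcmp(tok, "mask") || !strcmp(tok, "m"))) e->ae_tag = ACL_MASK;
    else if (!named && (!strcmp(tok, "other") || !strcmp(tok, "o"))) e->ae_tag = ACL_OTHER_OBJ;
    else return -1;                          /* unknown type, or mask/other with an id */
    unsigned long id = named ? strtoul(q, &end, 10) : 0;
    /* Assumption: numeric ids only; reject signs, trailing junk and overflow. */
    if (named && (!isdigit((unsigned char)*q) || *end || id > 0xfffffffeUL)) return -1;
    if (strlen(p) != 3) return -1;           /* exactly "rwx", '-' meaning no access */
    e->ae_id = (uid_t)id; e->ae_perm = 0;
    for (int i = 0; i < 3; i++) {
        if (p[i] == "rwx"[i]) e->ae_perm |= (acl_perm_t)(4 >> i); /* ACL_READ, ACL_WRITE, ACL_EXECUTE */
        else if (p[i] != '-') return -1;     /* reordered or unknown letter, e.g. "rxw" */
    }
    return 0;
}

/* Hypothetical parser for the external representation; returns entry count or -1. */
int acl_parse_text(const char *text, struct acl *out) {
    char buf[1024];
    if (strlen(text) >= sizeof buf) return -1;
    strcpy(buf, text); out->acl_cnt = 0;
    for (char *s = buf; *s; ) {
        if (*s == '#') { s += strcspn(s, "\n"); continue; }  /* comment runs to end of line */
        if (isspace((unsigned char)*s)) { s++; continue; }
        char *end = s + strcspn(s, " \t\r\n#"), delim = *end;
        *end = '\0';
        /* Bound check comes first so the fixed array is never indexed past its end. */
        if (out->acl_cnt >= ACL_MAX_ENTRIES || parse_entry(s, &out->acl_entry[out->acl_cnt])) return -1;
        out->acl_cnt++;
        s = end; if (delim) *s = delim;      /* restore delimiter for the loop to handle */
    }
    return out->acl_cnt;
}
```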
</body>
</html>