Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
VACCESS_ACL_NFS4(9)    FreeBSD Kernel Developer's Manual   VACCESS_ACL_NFS4(9)

NAME
     vaccess_acl_nfs4 -- generate a NFSv4 ACL access control decision using
     vnode parameters

SYNOPSIS
     #include <sys/param.h>
     #include <sys/vnode.h>
     #include <sys/acl.h>

     int
     vaccess_acl_nfs4(enum vtype type, uid_t file_uid, gid_t file_gid,
	 struct	acl *acl, accmode_t accmode, struct ucred *cred,
	 int *privused);

DESCRIPTION
     This call implements the logic for	the UNIX discretionary file security
     model with	NFSv4 ACL extensions.  It accepts the vnodes type type,	owning
     UID file_uid, owning GID file_gid,	access ACL for the file	acl, desired
     access mode accmode, requesting credential	cred, and an optional call-by-
     reference int pointer returning whether or	not privilege was required for
     successful	evaluation of the call;	the privused pointer may be set	to
     NULL by the caller	in order not to	be informed of privilege information,
     or	it may point to	an integer that	will be	set to 1 if privilege is used,
     and 0 otherwise.

     This call is intended to support implementations of VOP_ACCESS(9),	which
     will use their own	access methods to retrieve the vnode properties, and
     then invoke vaccess_acl_nfs4() in order to	perform	the actual check.
     Implementations of	VOP_ACCESS(9) may choose to implement additional secu-
     rity mechanisms whose results will	be composed with the return value.

     The algorithm used	by vaccess_acl_nfs4() is based on the NFSv4 ACL	evalu-
     ation algorithm, as described in NFSv4 Minor Version 1, draft-ietf-
     nfsv4-minorversion1-21.txt.  The algorithm	selects	a matching entry from
     the access	ACL, which may then be composed	with an	available ACL mask
     entry, providing UNIX security compatibility.

     Once appropriate protections are selected for the current credential, the
     requested access mode, in combination with	the vnode type,	will be	com-
     pared with	the discretionary rights available for the credential.	If the
     rights granted by discretionary protections are insufficient, then	super-
     user privilege, if	available for the credential, will also	be considered.

RETURN VALUES
     vaccess_acl_nfs4()	will return 0 on success, or a non-zero	error value on
     failure.

ERRORS
     [EACCES]		Permission denied.  An attempt was made	to access a
			file in	a way forbidden	by its file access permis-
			sions.

     [EPERM]		Operation not permitted.  An attempt was made to per-
			form an	operation limited to processes with appropri-
			ate privileges or to the owner of a file or other
			resource.

SEE ALSO
     vaccess(9), vnode(9), VOP_ACCESS(9)

AUTHORS
     Current implementation of vaccess_acl_nfs4() was written by Edward	Tomasz
     Napierala <trasz@FreeBSD.org>.

BUGS
     This manual page should include a full description	of the NFSv4 ACL eval-
     uation algorithm, or cross	reference another page that does.

FreeBSD	9.2		      September	18, 2009		   FreeBSD 9.2

NAME | SYNOPSIS | DESCRIPTION | RETURN VALUES | ERRORS | SEE ALSO | AUTHORS | BUGS

Want to link to this manual page? Use this URL:
<http://www.freebsd.org/cgi/man.cgi?query=vaccess_acl_nfs4&sektion=9&manpath=FreeBSD+9.2-RELEASE>

home | help