ACL(9)                 FreeBSD Kernel Developer's Manual                ACL(9)

NAME
     acl -- virtual file system access control lists

SYNOPSIS
     #include <sys/param.h>
     #include <sys/vnode.h>
     #include <sys/acl.h>

     In the kernel configuration file:
     options UFS_ACL

DESCRIPTION
     Access control lists, or ACLs, allow fine-grained specification of rights
     for vnodes representing files and directories.  However, as there are a
     plethora of file systems with differing ACL semantics, the vnode inter-
     face is aware only of the syntax of ACLs, relying on the underlying file
     system to implement the details.  Depending on the underlying file sys-
     tem, each file or directory may have zero or more ACLs associated with
     it, named using the type field of the appropriate vnode ACL calls:

     Currently, each ACL is represented in-kernel by a fixed-size acl struc-
     ture, defined as follows:

           struct acl {
                   int                     acl_cnt;
                   struct acl_entry        acl_entry[ACL_MAX_ENTRIES];
           };

     An ACL is constructed from a fixed size array of ACL entries, each of
     which consists of a set of permissions, principal namespace, and princi-
     pal identifier.

     Each individual ACL entry is of the type acl_entry_t, which is a struc-
     ture with the following members:

     acl_tag_t ae_tag
         The following is a list of definitions of ACL types to be set in

               ACL_UNDEFINED_FIELD  Undefined ACL type.
               ACL_USER_OBJ         Discretionary access rights for processes
                                    whose effective user ID matches the user
                                    ID of the file's owner.
               ACL_USER             Discretionary access rights for processes
                                    whose effective user ID matches the ACL
                                    entry qualifier.
               ACL_GROUP_OBJ        Discretionary access rights for processes
                                    whose effective group ID or any supplemen-
                                    tal groups match the group ID of the
                                    file's owner.
               ACL_GROUP            Discretionary access rights for processes
                                    whose effective group ID or any supplemen-
                                    tal groups match the ACL entry qualifier.
               ACL_MASK             The maximum discretionary access rights
                                    that can be granted to a process in the
                                    file group class.
               ACL_OTHER            Discretionary access rights for processes
                                    not covered by any other ACL entry.
               ACL_OTHER_OBJ        Same as ACL_OTHER.  Each ACL must contain
                                    exactly one ACL_USER_OBJ, one
                                    ACL_GROUP_OBJ, and one ACL_OTHER.  If any
                                    of ACL_USER, ACL_GROUP, or ACL_OTHER are
                                    present, then exactly one ACL_MASK entry
                                    should be present.

     uid_t ae_id
         The ID of user for whom this ACL describes access permissions.

     acl_perm_t ae_perm
         This field defines what kind of access the process matching this ACL
         has for accessing the associated file.

         ACL_EXECUTE       The process may execute the associated file.

         ACL_WRITE         The process may write to the associated file.

         ACL_READ          The process may read from the associated file.

         ACL_PERM_NONE     The process has no read, write or execute permis-
                           sions to the associated file.

     typedef mode_t  *acl_permset_t;

     /* internal ACL structure */
     struct acl {
             int                     acl_cnt;
             struct acl_entry        acl_entry[ACL_MAX_ENTRIES];
     };

     /* external ACL structure */
     struct acl_t_struct {
             struct acl              ats_acl;
             int                     ats_cur_entry;
     };
     typedef struct acl_t_struct *acl_t;

     /*
      * Possible valid values for ae_tag field.
      */
     #define ACL_UNDEFINED_TAG       0x00000000
     #define ACL_USER_OBJ            0x00000001
     #define ACL_USER                0x00000002
     #define ACL_GROUP_OBJ           0x00000004
     #define ACL_GROUP               0x00000008
     #define ACL_MASK                0x00000010
     #define ACL_OTHER               0x00000020
     #define ACL_OTHER_OBJ           ACL_OTHER

     /*
      * Possible valid values for acl_type_t arguments.
      */
     #define ACL_TYPE_ACCESS         0x00000000
     #define ACL_TYPE_DEFAULT        0x00000001
     #define ACL_TYPE_AFS            0x00000002
     #define ACL_TYPE_CODA           0x00000003
     #define ACL_TYPE_NTFS           0x00000004
     #define ACL_TYPE_NWFS           0x00000005

     /*
      * Possible flags in ae_perm field.
      */
     #define ACL_EXECUTE             0x0001
     #define ACL_WRITE               0x0002
     #define ACL_READ                0x0004
     #define ACL_PERM_NONE           0x0000
     #define ACL_PERM_BITS           (ACL_EXECUTE | ACL_WRITE | ACL_READ)

     /*
      * Possible entry_id values for acl_get_entry()
      */
     #define ACL_FIRST_ENTRY         0
     #define ACL_NEXT_ENTRY          1

     /*
      * Undefined value in ae_id field
      */
     #define ACL_UNDEFINED_ID        ((uid_t)-1)
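     The following is an added user-space model of how the entry tags and
     permission bits above combine into an access decision; it is not the
     kernel's vaccess_acl_posix1e(9) code. The names acl_posix1e_valid(),
     acl_posix1e_access(), struct cred and in_groups() are assumed, the mask
     requirement follows the POSIX.1e rule (mandatory only when named
     ACL_USER/ACL_GROUP entries exist), and superuser override is omitted.

```c
#include <stdbool.h>
#include <sys/types.h>
/* Tag and permission values as listed in the page; ACL_MAX_ENTRIES is an assumed size. */
enum { ACL_USER_OBJ = 0x01, ACL_USER = 0x02, ACL_GROUP_OBJ = 0x04, ACL_GROUP = 0x08,
       ACL_MASK = 0x10, ACL_OTHER = 0x20, ACL_EXECUTE = 0x1, ACL_WRITE = 0x2, ACL_READ = 0x4,
       ACL_PERM_BITS = ACL_EXECUTE | ACL_WRITE | ACL_READ, ACL_MAX_ENTRIES = 32 };
struct acl_entry { int ae_tag; uid_t ae_id; int ae_perm; };
struct acl { int acl_cnt; struct acl_entry acl_entry[ACL_MAX_ENTRIES]; };
/* Constructed stand-in for a process credential; groups[0] is the effective gid. */
struct cred { uid_t uid; int ngroups; gid_t groups[8]; };
static bool in_groups(const struct cred *c, gid_t g) {
    for (int i = 0; i < c->ngroups; i++) if (c->groups[i] == g) return true;
    return false;
}
/* Structural rule: exactly one USER_OBJ, GROUP_OBJ and OTHER, at most one MASK,
 * and a MASK is mandatory whenever named ACL_USER or ACL_GROUP entries exist. */
bool acl_posix1e_valid(const struct acl *a) {
    int uo = 0, go = 0, ot = 0, mk = 0, named = 0;
    for (int i = 0; i < a->acl_cnt; i++)
        switch (a->acl_entry[i].ae_tag) {
        case ACL_USER_OBJ: uo++; break;   case ACL_GROUP_OBJ: go++; break;
        case ACL_OTHER: ot++; break;      case ACL_MASK: mk++; break;
        case ACL_USER: case ACL_GROUP: named++; break;
        default: return false;            /* e.g. ACL_UNDEFINED_TAG */
        }
    return uo == 1 && go == 1 && ot == 1 && mk <= 1 && (named == 0 || mk == 1);
}
/* Evaluation order: owner (mask not applied), then a named user, then the file
 * group class (any matching group entry, masked), then ACL_OTHER; a process that
 * matched a group entry is decided there. Superuser override is not modelled. */
bool acl_posix1e_access(const struct acl *a, uid_t fuid, gid_t fgid,
                        const struct cred *c, int want) {
    int mask = ACL_PERM_BITS, uobj = 0, user = -1, other = 0, i;
    bool gmatch = false, ggrant = false;
    for (i = 0; i < a->acl_cnt; i++)                /* the mask must be known first */
        if (a->acl_entry[i].ae_tag == ACL_MASK) mask = a->acl_entry[i].ae_perm;
    for (i = 0; i < a->acl_cnt; i++) {
        const struct acl_entry *e = &a->acl_entry[i];
        bool g = (e->ae_tag == ACL_GROUP_OBJ && in_groups(c, fgid)) ||
                 (e->ae_tag == ACL_GROUP && in_groups(c, (gid_t)e->ae_id));
        if (e->ae_tag == ACL_USER_OBJ) uobj = e->ae_perm;
        else if (e->ae_tag == ACL_OTHER) other = e->ae_perm;
        else if (e->ae_tag == ACL_USER && e->ae_id == c->uid) user = e->ae_perm;
        else if (g) { gmatch = true; if ((e->ae_perm & mask & want) == want) ggrant = true; }
    }
    if (c->uid == fuid) return (uobj & want) == want;
    if (user >= 0) return (user & mask & want) == want;
    if (gmatch) return ggrant;
    return (other & want) == want;
}
```

     Note that a process matching a group entry is denied by that entry even
     when ACL_OTHER would have granted more, and that the mask caps named
     user and group entries but never the owner.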

SEE ALSO
     acl(3), vaccess_acl_posix1e(9), VFS(9), vnaccess(9), VOP_ACLCHECK(9),

AUTHORS
     This manual page was written by Robert Watson.

FreeBSD 6.2                    December 23, 1999                   FreeBSD 6.2

