ACL(9)                 FreeBSD Kernel Developer's Manual                ACL(9)

NAME
     acl -- virtual file system access control lists

SYNOPSIS
     #include <sys/param.h>
     #include <sys/vnode.h>
     #include <sys/acl.h>

     In the kernel configuration file:
     options UFS_ACL

DESCRIPTION
     Access control lists, or ACLs, allow fine-grained specification of rights
     for vnodes representing files and directories.  However, as there is a
     plethora of file systems with differing ACL semantics, the vnode
     interface is aware only of the syntax of ACLs, relying on the underlying
     file system to implement the details.  Depending on the underlying file
     system, each file or directory may have zero or more ACLs associated with
     it, named using the type field of the appropriate vnode ACL calls:
     VOP_ACLCHECK(9), VOP_GETACL(9), and VOP_SETACL(9).

     Currently, each ACL is represented in-kernel by a fixed-size acl
     structure, defined as follows:

           struct acl {
                   int                     acl_cnt;
                   struct acl_entry        acl_entry[ACL_MAX_ENTRIES];
           };

     An ACL is constructed from a fixed-size array of ACL entries, each of
     which consists of a set of permissions, a principal namespace, and a
     principal identifier.

     Each individual ACL entry is of the type acl_entry_t, which is a
     structure with the following members:

     acl_tag_t ae_tag
         The following is a list of definitions of ACL types to be set in
         ae_tag:

               ACL_UNDEFINED_FIELD  Undefined ACL type.
               ACL_USER_OBJ         Discretionary access rights for processes
                                    whose effective user ID matches the user
                                    ID of the file's owner.
               ACL_USER             Discretionary access rights for processes
                                    whose effective user ID matches the ACL
                                    entry qualifier.
               ACL_GROUP_OBJ        Discretionary access rights for processes
                                    whose effective group ID or any
                                    supplemental groups match the group ID of
                                    the file's owner.
               ACL_GROUP            Discretionary access rights for processes
                                    whose effective group ID or any
                                    supplemental groups match the ACL entry
                                    qualifier.
               ACL_MASK             The maximum discretionary access rights
                                    that can be granted to a process in the
                                    file group class.
               ACL_OTHER            Discretionary access rights for processes
                                    not covered by any other ACL entry.
               ACL_OTHER_OBJ        Same as ACL_OTHER.  Each ACL entry must
                                    contain exactly one ACL_USER_OBJ, one
                                    ACL_GROUP_OBJ, and one ACL_OTHER.  If any
                                    of ACL_USER, ACL_GROUP, or ACL_OTHER are
                                    present, then exactly one ACL_MASK entry
                                    should be present.

     uid_t ae_id
         The ID of the user for whom this ACL describes access permissions.

     acl_perm_t ae_perm
         This field defines the kind of access that a process matching this
         ACL entry has to the associated file.

         ACL_EXECUTE       The process may execute the associated file.

         ACL_WRITE         The process may write to the associated file.

         ACL_READ          The process may read from the associated file.

         ACL_PERM_NONE     The process has no read, write or execute
                           permissions to the associated file.
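
     As an added example (not part of the original manual page and not FreeBSD
     kernel code), the following user-space C code evaluates a request against
     an ACL using the tag semantics above, in the POSIX.1e draft order: owner,
     named user, group class, other.  The names acl_allows(), in_groups() and
     sample_acl, the ACL_MAX_ENTRIES value and the int field types are
     assumptions; privilege is not modelled.

```c
#include <sys/types.h>
/* Tag and permission values as listed on the page; field types simplified to int. */
enum { ACL_USER_OBJ = 0x01, ACL_USER = 0x02, ACL_GROUP_OBJ = 0x04,
       ACL_GROUP = 0x08, ACL_MASK = 0x10, ACL_OTHER = 0x20 };
enum { ACL_EXECUTE = 0x1, ACL_WRITE = 0x2, ACL_READ = 0x4, ACL_PERM_BITS = 0x7 };
#define ACL_UNDEFINED_ID ((uid_t)-1)
#define ACL_MAX_ENTRIES  8   /* placeholder: the page does not give the value */
struct acl_entry { int ae_tag; uid_t ae_id; int ae_perm; };
struct acl { int acl_cnt; struct acl_entry acl_entry[ACL_MAX_ENTRIES]; };

/* Constructed sample: owner rw-, user 1002 rw-, owning group r--, mask r--, other --- */
const struct acl sample_acl = { 5, {
    { ACL_USER_OBJ,  ACL_UNDEFINED_ID, ACL_READ | ACL_WRITE },
    { ACL_USER,      1002,             ACL_READ | ACL_WRITE },
    { ACL_GROUP_OBJ, ACL_UNDEFINED_ID, ACL_READ },
    { ACL_MASK,      ACL_UNDEFINED_ID, ACL_READ },
    { ACL_OTHER,     ACL_UNDEFINED_ID, 0 } } };

static int in_groups(gid_t g, const gid_t *grp, int n)
{
    while (n-- > 0) if (grp[n] == g) return 1;
    return 0;
}

/* Return 1 if every bit in want is granted to the credential, else 0. */
int acl_allows(const struct acl *a, uid_t f_uid, gid_t f_gid,
               uid_t euid, const gid_t *grp, int ngrp, int want)
{
    int mask = ACL_PERM_BITS, uobj = 0, other = 0, group_hit = 0, i;
    const struct acl_entry *e;
    for (i = 0, e = a->acl_entry; i < a->acl_cnt; i++, e++) {
        if (e->ae_tag == ACL_USER_OBJ) uobj = e->ae_perm;
        if (e->ae_tag == ACL_MASK)     mask = e->ae_perm;  /* absent mask caps nothing */
        if (e->ae_tag == ACL_OTHER)    other = e->ae_perm;
    }
    if (euid == f_uid)                  /* owner: ACL_USER_OBJ, mask not applied */
        return (uobj & want) == want;
    for (i = 0, e = a->acl_entry; i < a->acl_cnt; i++, e++)
        if (e->ae_tag == ACL_USER && e->ae_id == euid)  /* named user, capped by mask */
            return (e->ae_perm & mask & want) == want;
    for (i = 0, e = a->acl_entry; i < a->acl_cnt; i++, e++) {
        if (e->ae_tag != ACL_GROUP_OBJ && e->ae_tag != ACL_GROUP) continue;
        if (!in_groups(e->ae_tag == ACL_GROUP_OBJ ? f_gid : (gid_t)e->ae_id, grp, ngrp))
            continue;
        group_hit = 1;                  /* in the group class: ACL_OTHER no longer applies */
        if ((e->ae_perm & mask & want) == want) return 1;
    }
    return group_hit ? 0 : (other & want) == want;
}
```

     With the sample ACL, the rw- entry for user 1002 yields read access only,
     because ACL_MASK is r--, while the file's owner keeps write access.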

IMPLEMENTATION NOTES
     typedef mode_t  *acl_permset_t;

     /* internal ACL structure */
     struct acl {
             int                     acl_cnt;
             struct acl_entry        acl_entry[ACL_MAX_ENTRIES];
     };

     /* external ACL structure */
     struct acl_t_struct {
             struct acl              ats_acl;
             int                     ats_cur_entry;
     };
     typedef struct acl_t_struct *acl_t;

     /*
      * Possible valid values for ae_tag field.
      */
     #define ACL_UNDEFINED_TAG       0x00000000
     #define ACL_USER_OBJ            0x00000001
     #define ACL_USER                0x00000002
     #define ACL_GROUP_OBJ           0x00000004
     #define ACL_GROUP               0x00000008
     #define ACL_MASK                0x00000010
     #define ACL_OTHER               0x00000020
     #define ACL_OTHER_OBJ           ACL_OTHER

     /*
      * Possible valid values for acl_type_t arguments.
      */
     #define ACL_TYPE_ACCESS         0x00000000
     #define ACL_TYPE_DEFAULT        0x00000001
     #define ACL_TYPE_AFS            0x00000002
     #define ACL_TYPE_CODA           0x00000003
     #define ACL_TYPE_NTFS           0x00000004
     #define ACL_TYPE_NWFS           0x00000005

     /*
      * Possible flags in ae_perm field.
      */
     #define ACL_EXECUTE             0x0001
     #define ACL_WRITE               0x0002
     #define ACL_READ                0x0004
     #define ACL_PERM_NONE           0x0000
     #define ACL_PERM_BITS           (ACL_EXECUTE | ACL_WRITE | ACL_READ)
     #define ACL_POSIX1E_BITS        (ACL_EXECUTE | ACL_WRITE | ACL_READ)

     /*
      * Possible entry_id values for acl_get_entry()
      */
     #define ACL_FIRST_ENTRY         0
     #define ACL_NEXT_ENTRY          1

     /*
      * Undefined value in ae_id field
      */
     #define ACL_UNDEFINED_ID        ((uid_t)-1)

SEE ALSO
     acl(3), vaccess_acl_posix1e(9), VFS(9), vnaccess(9), VOP_ACLCHECK(9),
     VOP_GETACL(9), VOP_SETACL(9)

AUTHORS
     This manual page was written by Robert Watson.

FreeBSD 6.2                    December 23, 1999                   FreeBSD 6.2
