ACL(9)		       FreeBSD Kernel Developer's Manual		ACL(9)

     acl -- virtual file system access control lists

     #include <sys/param.h>
     #include <sys/vnode.h>
     #include <sys/acl.h>

     In the kernel configuration file:
     options UFS_ACL

     Access control lists, or ACLs, allow fine-grained specification of rights
     for vnodes representing files and directories.  However, as there are a
     plethora of file systems with differing ACL semantics, the vnode
     interface is aware only of the syntax of ACLs, relying on the underlying
     file system to implement the details.  Depending on the underlying file
     system, each file or directory may have zero or more ACLs associated with
     it, named using the type field of the appropriate vnode ACL calls:

     Currently, each ACL is represented in-kernel by a fixed-size acl
     structure, defined as follows:

           struct acl {
                   int                     acl_cnt;
                   struct acl_entry        acl_entry[ACL_MAX_ENTRIES];
           };

     An ACL is constructed from a fixed size array of ACL entries, each of
     which consists of a set of permissions, principal namespace, and
     principal identifier.

     Each individual ACL entry is of the type acl_entry_t, which is a
     structure with the following members:

     acl_tag_t ae_tag
         The following is a list of definitions of ACL types to be set in

               ACL_UNDEFINED_FIELD  Undefined ACL type.
               ACL_USER_OBJ         Discretionary access rights for processes
                                    whose effective user ID matches the user
                                    ID of the file's owner.
               ACL_USER             Discretionary access rights for processes
                                    whose effective user ID matches the ACL
                                    entry qualifier.
               ACL_GROUP_OBJ        Discretionary access rights for processes
                                    whose effective group ID or any
                                    supplemental groups match the group ID of
                                    the file's owner.
               ACL_GROUP            Discretionary access rights for processes
                                    whose effective group ID or any
                                    supplemental groups match the ACL entry
                                    qualifier.
               ACL_MASK             The maximum discretionary access rights
                                    that can be granted to a process in the
                                    file group class.
               ACL_OTHER            Discretionary access rights for processes
                                    not covered by any other ACL entry.
               ACL_OTHER_OBJ        Same as ACL_OTHER.

         Each ACL entry must contain exactly one ACL_USER_OBJ, one
         ACL_GROUP_OBJ, and one ACL_OTHER.  If any of ACL_USER, ACL_GROUP, or
         ACL_OTHER are present, then exactly one ACL_MASK entry should be
         present.

     uid_t ae_id
         The ID of the user for whom this ACL describes access permissions.

     acl_perm_t ae_perm
         This field defines what kind of access the process matching this ACL
         has for accessing the associated file.

         ACL_EXECUTE       The process may execute the associated file.

         ACL_WRITE         The process may write to the associated file.

         ACL_READ          The process may read from the associated file.

         ACL_PERM_NONE     The process has no read, write or execute
                           permissions to the associated file.

     typedef mode_t  *acl_permset_t;

     /* internal ACL structure */
     struct acl {
             int                     acl_cnt;
             struct acl_entry        acl_entry[ACL_MAX_ENTRIES];
     };

     /* external ACL structure */
     struct acl_t_struct {
             struct acl              ats_acl;
             int                     ats_cur_entry;
     };
     typedef struct acl_t_struct *acl_t;

     /* Possible valid values for ae_tag field. */
     #define ACL_UNDEFINED_TAG	     0x00000000
     #define ACL_USER_OBJ	     0x00000001
     #define ACL_USER		     0x00000002
     #define ACL_GROUP_OBJ	     0x00000004
     #define ACL_GROUP		     0x00000008
     #define ACL_MASK		     0x00000010
     #define ACL_OTHER		     0x00000020
     #define ACL_OTHER_OBJ	     ACL_OTHER

     /* Possible valid values for acl_type_t arguments. */
     #define ACL_TYPE_ACCESS	     0x00000000
     #define ACL_TYPE_DEFAULT	     0x00000001
     #define ACL_TYPE_AFS	     0x00000002
     #define ACL_TYPE_CODA	     0x00000003
     #define ACL_TYPE_NTFS	     0x00000004
     #define ACL_TYPE_NWFS	     0x00000005

     /* Possible flags in ae_perm field. */
     #define ACL_EXECUTE	     0x0001
     #define ACL_WRITE		     0x0002
     #define ACL_READ		     0x0004
     #define ACL_PERM_NONE	     0x0000

     /* Possible entry_id values for acl_get_entry() */
     #define ACL_FIRST_ENTRY	     0
     #define ACL_NEXT_ENTRY	     1

     /* Undefined value in ae_id field */
     #define ACL_UNDEFINED_ID	     ((uid_t)-1)
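
     The following is an added example, not code from the FreeBSD source tree:
     a userland illustration of how the ae_tag values and ACL_MASK described
     above combine into an access decision, using the POSIX.1e evaluation order
     (owner, named user, groups, other).  The names acl_check and sample_acl,
     the ACL_MAX_ENTRIES value, and the simplified process credential (a single
     group ID, no supplemental groups, no privilege override) are assumptions.

```c
#include <stddef.h>
#include <sys/types.h>
/* Userland copies of this page's definitions (same values, as enums).
 * ACL_MAX_ENTRIES = 32 is an assumed value; the page does not state it. */
enum { ACL_MAX_ENTRIES = 32, ACL_EXECUTE = 0x1, ACL_WRITE = 0x2, ACL_READ = 0x4 };
enum { ACL_USER_OBJ = 0x01, ACL_USER = 0x02, ACL_GROUP_OBJ = 0x04,
       ACL_GROUP = 0x08, ACL_MASK = 0x10, ACL_OTHER = 0x20 };
struct acl_entry { int ae_tag; uid_t ae_id; mode_t ae_perm; };
struct acl { int acl_cnt; struct acl_entry acl_entry[ACL_MAX_ENTRIES]; };

/* Constructed sample: owner rw-, user 1001 rw-, group r--, mask r--, other ---. */
static const struct acl sample_acl = { 5, {
	{ ACL_USER_OBJ, (uid_t)-1, ACL_READ | ACL_WRITE },
	{ ACL_USER, 1001, ACL_READ | ACL_WRITE },
	{ ACL_GROUP_OBJ, (uid_t)-1, ACL_READ }, { ACL_MASK, (uid_t)-1, ACL_READ },
	{ ACL_OTHER, (uid_t)-1, 0 } } };

/* Hypothetical helper: 1 = grant, 0 = deny, -1 = malformed ACL. */
int acl_check(const struct acl *a, uid_t fuid, gid_t fgid,
    uid_t uid, gid_t gid, mode_t want)
{
	mode_t owner = 0, user = 0, other = 0, mask = ~(mode_t)0; /* no mask entry: no cap */
	int i, user_hit = 0, grp_hit = 0, grp_ok = 0;
	/* acl_cnt is a signed count over a fixed-size array: bound it first. */
	if (a == NULL || a->acl_cnt < 0 || a->acl_cnt > ACL_MAX_ENTRIES)
		return (-1);
	for (i = 0; i < a->acl_cnt; i++) {
		const struct acl_entry *e = &a->acl_entry[i];
		switch (e->ae_tag) {
		case ACL_USER_OBJ: owner = e->ae_perm; break;
		case ACL_MASK: mask = e->ae_perm; break;
		case ACL_OTHER: other = e->ae_perm; break;
		case ACL_USER:
			if (e->ae_id == uid) { user_hit = 1; user = e->ae_perm; }
			break;
		case ACL_GROUP_OBJ: case ACL_GROUP:
			if (gid != (e->ae_tag == ACL_GROUP ? (gid_t)e->ae_id : fgid))
				break;
			grp_hit = 1;
			grp_ok |= (e->ae_perm & want) == want;
			break;
		default: return (-1);	/* unknown tag: fail closed */
		}
	}
	if (uid == fuid) return ((owner & want) == want);
	if (user_hit) return ((user & mask & want) == want);
	if (grp_hit) return (grp_ok && (mask & want) == want);
	return ((other & want) == want);
}
```

     With the sample ACL, user 1001 is listed with read and write but is
     limited to read by the ACL_MASK entry; a missing ACL_USER_OBJ or ACL_OTHER
     entry leaves the corresponding rights at zero, so the check denies.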

     acl(3), vaccess_acl_posix1e(9), VFS(9), vnaccess(9), VOP_ACLCHECK(9),

     This manual page was written by Robert Watson.

FreeBSD	11.1		       December	23, 1999		  FreeBSD 11.1

