Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
aclcheck(3SEC)	     File Access Control Library Functions	aclcheck(3SEC)

NAME
       aclcheck	- check	the validity of	an ACL

SYNOPSIS
       cc [ flag... ] file... -lsec [ library... ]
       #include	<sys/acl.h>

       int aclcheck(aclent_t *aclbufp, int nentries, int *which);

DESCRIPTION
       The  aclcheck()	function  checks  the validity of an ACL pointed to by
       aclbufp.	The nentries argument is the number of	entries	 contained  in
       the  buffer.  The  which	parameter returns the index of the first entry
       that is invalid.

       The function verifies that an ACL pointed to by aclbufp	is  valid  ac-
       cording to the following	rules:

	 o  There must be exactly one GROUP_OBJ	ACL entry.

	 o  There must be exactly one USER_OBJ ACL entry.

	 o  There must be exactly one OTHER_OBJ	ACL entry.

	 o  If	there  are  any	 GROUP	ACL entries, then the group ID in each
	    group ACL entry must be unique.

	 o  If there are any USER ACL entries, then the	user ID	in  each  user
	    ACL	entry must be unique.

	 o  If there are any GROUP or USER ACL entries,	then there must	be ex-
	    actly one CLASS_OBJ	(ACL mask) entry.

	 o  If there are any default ACL entries, then the following apply:

	      o	 There must be exactly one default GROUP_OBJ ACL entry.

	      o	 There must be exactly one default OTHER_OBJ ACL entry.

	      o	 There must be exactly one default USER_OBJ ACL	entry.

	      o	 If there are any DEF_GROUP entries, then the group ID in each
		 DEF_GROUP ACL entry must be unique.

	      o	 If  there  are	any DEF_USER entries, then the user ID in each
		 DEF_USER ACL entry must be unique.

	      o	 If there are any DEF_GROUP or DEF_USER	 entries,  then	 there
		 must be exactly one DEF_CLASS_OBJ (default ACL	mask) entry.

	 o  If	any  of	 the above rules are violated, then the	function fails
	    with errno set to  EINVAL.

RETURN VALUES
       If the ACL is valid, alcheck() will return 0. Otherwise	errno  is  set
       to EINVAL and return code is set	to one of the following:

       GRP_ERROR	       There   is   more   than	  one	GROUP_OBJ   or
			       DEF_GROUP_OBJ ACL entry.

       USER_ERROR	       There is	more than one USER_OBJ or DEF_USER_OBJ
			       ACL entry.

       CLASS_ERROR	       There  is more than one CLASS_OBJ (ACL mask) or
			       DEF_CLASS_OBJ (default ACL mask)	entry.

       OTHER_ERROR	       There   is   more   than	  one	OTHER_OBJ   or
			       DEF_OTHER_OBJ ACL entry.

       DUPLICATE_ERROR	       Duplicate  entries of USER, GROUP, DEF_USER, or
			       DEF_GROUP.

       ENTRY_ERROR	       The entry type is invalid.

       MISS_ERROR	       Missing an entry. The which  parameter  returns
			       -1 in this case.

       MEM_ERROR	       The  system  cannot  allocate  any  memory. The
			       which parameter returns -1 in this case.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+
       |MT-Level		     |Unsafe			   |
       +-----------------------------+-----------------------------+

SEE ALSO
       acl(2), aclsort(3SEC), attributes(5)

SunOS 5.10			  10 Dec 2001			aclcheck(3SEC)

NAME | SYNOPSIS | DESCRIPTION | RETURN VALUES | ATTRIBUTES | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=aclcheck&sektion=3sec&manpath=SunOS+5.10>

home | help